aboutsummaryrefslogtreecommitdiffstats
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
* Refactor `og:description` to limit the max length (#26876)wxiaoguang2023-09-031-0/+5
| | | | | | | | 1. The `og:description` should be "a one to two sentence description of your object" * It shouldn't output all the user inputted content -- it would be pretty huge. * Maybe it only needs at most 300 bytes. 2. Do not render commit message as HTML
* restrict certificate type for builtin SSH server (#26789)Earl Warren2023-09-011-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | - While doing some sanity checks over OpenSSH's code for how they handle certificates authentication. I stumbled on an condition that checks the certificate type is really an user certificate on the server-side authentication. This checks seems to be a formality and just for the sake of good domain seperation, because an user and host certificate don't differ in their generation, verification or flags that can be included. - Add this check to the builtin SSH server to stay close to the unwritten SSH specification. - This is an breaking change for setups where the builtin SSH server is being used and for some reason host certificates were being used for authentication. - (cherry picked from commit de35b141b79a3d6efe2127ed2c73fd481515e481) Refs: https://codeberg.org/forgejo/forgejo/pulls/1172 ## :warning: BREAKING :warning: Like OpenSSH, the built-in SSH server will now only accept SSH user certificates, not server certificates. Co-authored-by: Gusted <postmaster@gusted.xyz> Co-authored-by: Giteabot <teabot@gitea.io>
* Avoid double-unescaping of form value (#26853)wxiaoguang2023-09-012-22/+4
| | | | | | | 1. The old `prepareQueryArg` did double-unescaping of form value. 2. By the way, remove the unnecessary `ctx.Flash = ...` in `MockContext`. Co-authored-by: Giteabot <teabot@gitea.io>
* Move web/api context related testing function into a separate package (#26859)wxiaoguang2023-09-011-5/+4
| | | | | | | | | Just like `models/unittest`, the testing helper functions should be in a separate package: `contexttest` And complete the TODO: > // TODO: move this function to other packages, because it depends on "models" package
* Render code blocks in repo description (#26830)silverwind2023-08-311-3/+2
| | | | | | | | | | Backtick syntax now works in repo description too. Also, I replaced the CSS for this was a new single class, making it more flexible and not dependent on a parent. Also, very slightly reduced font size from 16.8px to 16px. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Check blocklist for emails when adding them to account (#26812)techknowlogick2023-08-301-0/+25
|
* Use `Set[Type]` instead of `map[Type]bool/struct{}`. (#26804)KN4CK3R2023-08-302-17/+12
|
* Fix some slice append usages (#26778)Chongyi Zheng2023-08-291-1/+1
| | | Co-authored-by: delvh <dev.lh@web.de>
* Remove redundant nil check in `WalkGitLog` (#26773)Eng Zer Jun2023-08-291-17/+15
| | | | | | | | | | From the Go specification: > "1. For a nil slice, the number of iterations is 0." https://go.dev/ref/spec#For_range Therefore, an additional nil check for before the loop is unnecessary. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* Add fix incorrect can_create_org_repo for org owner team (#26683)yp053272023-08-291-0/+61
| | | | | | | | | | | Related to: #8312 #26491 In migration v109, we only added a new column `CanCreateOrgRepo` in Team table, but not initial the value of it. This may cause bug like #26491. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Reduce some allocations in type conversion (#26772)Chongyi Zheng2023-08-291-1/+1
|
* refactor(API): refactor secret creation and update functionality (#26751)Bo-Yi Wu2023-08-281-14/+2
| | | | | | | | | | | | | | | | | | | | According to the GitHub API Spec: https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret Merge the Create and Update secret into a single API. - Remove the `CreateSecretOption` struct and replace it with `CreateOrUpdateSecretOption` in `modules/structs/secret.go` - Update the `CreateOrUpdateOrgSecret` function in `routers/api/v1/org/action.go` to use `CreateOrUpdateSecretOption` instead of `UpdateSecretOption` - Remove the `CreateOrgSecret` function in `routers/api/v1/org/action.go` and replace it with `CreateOrUpdateOrgSecret` - Update the Swagger documentation in `routers/api/v1/swagger/options.go` and `templates/swagger/v1_json.tmpl` to reflect the changes in the struct names and function names Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
* Fix bug for ctx usage (#26762)Lunny Xiao2023-08-281-4/+4
| | | | | Regression from #26158 Fix #26684
* Expanded minimum RSA Keylength to 3072 (#26604)mainboarder2023-08-282-2/+2
| | | | | | | | | | | | | | | German Federal Office for Information Security requests in its technical guideline BSI TR-02102-1 RSA Keylength not shorter than 3000bits starting 2024, in the year 2023 3000bits as a recommendation. Gitea should request longer RSA Keys by default in favor of security and drop old clients which do not support longer keys. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=9 - Page 19, Table 1.2 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Use docs.gitea.com instead of docs.gitea.io (#26739)Lunny Xiao2023-08-273-8/+8
|
* Move `modules/mirror` to `services` (#26737)Chongyi Zheng2023-08-273-118/+0
| | | | | To solve the cyclic imports in a better way Closes #20261
* Make web context initialize correctly for different cases (#26726)wxiaoguang2023-08-253-29/+34
| | | | | | | The web context (modules/context.Context) is quite complex, it's difficult for the callers to initialize correctly. This PR introduces a `NewWebContext` function, to make sure the web context have the same behavior for different cases.
* add Upload URL to release API (#26663)Earl Warren2023-08-241-0/+1
| | | | | | | | | | | | - Resolves https://codeberg.org/forgejo/forgejo/issues/580 - Return a `upload_field` to any release API response, which points to the API URL for uploading new assets. - Adds unit test. - Adds integration testing to verify URL is returned correctly and that upload endpoint actually works --------- Co-authored-by: Gusted <postmaster@gusted.xyz>
* Add merge files files to GetCommitFileStatus (#20515)Laurent Cahour2023-08-2422-1/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hi, We'd like to add merge files files to GetCommitFileStatus fucntions so API returns the list of all the files associated to a merged pull request commit, like GitHub API does. The list of affectedFiles for an API commit is fetched from toCommit() function in routers/api/v1/repo/commits.go, and API was returning no file in case of a pull request with no conflict, or just files associated to the confict resolution, but NOT the full list of merged files. This would lead to situations where a CI polling a repo for changes could miss some file changes due to API returning an empty / partial list in case of such merged pull requests. (Hope this makes sense :) ) NOTE: I'd like to add a unittest in integrations/api_repo_git_commits_test.go but failed to understand how to add my own test bare repo so I can make a test on a merged pull request commit to check for affectedFiles. Is there a merged pull request in there that I could use maybe? Could someone please direct me to the relevant ressources with informations on how to do that please? Thanks for your time, Laurent. --------- Co-authored-by: Thomas Desveaux <desveaux.thomas@gmail.com>
* chore(actions): support cron schedule task (#26655)Lunny Xiao2023-08-241-4/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace #22751 1. only support the default branch in the repository setting. 2. autoload schedule data from the schedule table after starting the service. 3. support specific syntax like `@yearly`, `@monthly`, `@weekly`, `@daily`, `@hourly` ## How to use See the [GitHub Actions document](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule) for getting more detailed information. ```yaml on: schedule: - cron: '30 5 * * 1,3' - cron: '30 5 * * 2,4' jobs: test_schedule: runs-on: ubuntu-latest steps: - name: Not on Monday or Wednesday if: github.event.schedule != '30 5 * * 1,3' run: echo "This step will be skipped on Monday and Wednesday" - name: Every time run: echo "This step will always run" ``` Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com> --------- Co-authored-by: Jason Song <i@wolfogre.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* feat(API): update and delete secret for managing organization secrets (#26660)Bo-Yi Wu2023-08-241-0/+9
| | | | | | | | | | | | | | | | | | - Add `UpdateSecret` function to modify org or user repo secret - Add `DeleteSecret` function to delete secret from an organization - Add `UpdateSecretOption` struct for updating secret options - Add `UpdateOrgSecret` function to update a secret in an organization - Add `DeleteOrgSecret` function to delete a secret in an organization GitHub API 1. Update Org Secret: https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret 2. Delete Org Secret: https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#delete-an-organization-secret --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
* Fix counting and filtering on the dashboard page for issues (#26657)Jason Song2023-08-232-3/+51
| | | | | | | | | | | | | | | | | | This PR has multiple parts, and I didn't split them because it's not easy to test them separately since they are all about the dashboard page for issues. 1. Support counting issues via indexer to fix #26361 2. Fix repo selection so it also fixes #26653 3. Keep keywords in filter links. The first two are regressions of #26012. After: https://github.com/go-gitea/gitea/assets/9418365/71dfea7e-d9e2-42b6-851a-cc081435c946 Thanks to @CaiCandong for helping with some tests.
* feat: implement organization secret creation API (#26566)Bo-Yi Wu2023-08-221-1/+13
| | | | | | | | | | | | | - Add a new `CreateSecretOption` struct for creating secrets - Implement a `CreateOrgSecret` function to create a secret in an organization - Add a new route in `api.go` to handle the creation of organization secrets - Update the Swagger template to include the new `CreateOrgSecret` API endpoint --------- Signed-off-by: appleboy <appleboy.tw@gmail.com>
* Update minimum password length requirements (#25946)techknowlogick2023-08-211-1/+1
|
* Use correct minio error (#26634)delvh2023-08-211-2/+2
| | | | | | | | | | | Previously, `err` was defined above, checked for `err == nil` and used nowhere else. Hence, the result of `convertMinioErr` would always be `nil`. This leads to a NPE further down the line. That is not intentional, it should convert the error of the most recent operation, not one of its predecessors. Found through https://discord.com/channels/322538954119184384/322538954119184384/1143185780206993550.
* Remove avatarHTML from template helpers (#26598)wxiaoguang2023-08-211-1/+0
| | | | | | The HTML code is more readable and more correct (it needs `"ui avatar"` class) Co-authored-by: Giteabot <teabot@gitea.io>
* Add `branch_filter` to hooks API endpoints (#26599)Yarden Shoham2023-08-211-0/+1
| | | | | | | | | | | | | | | | | | We now include the branch filler in the response. - Closes #26591 # Before ![image](https://github.com/go-gitea/gitea/assets/20454870/73933940-c1a7-4573-abae-f340b63028b2) # After ![image](https://github.com/go-gitea/gitea/assets/20454870/3b3c4a85-0f7c-48c7-8617-def7a66c671d) --------- Signed-off-by: Yarden Shoham <git@yardenshoham.com> Co-authored-by: Giteabot <teabot@gitea.io>
* Add link to job details and tooltip to commit status in repo list in ↵yp053272023-08-211-0/+4
| | | | | | | | | | | dashboard (#26326) Tooltip: ![image](https://github.com/go-gitea/gitea/assets/18380374/237cb545-7844-424b-b995-1008eaaaedec) Link to the target job: ![image](https://github.com/go-gitea/gitea/assets/18380374/0c11a97f-6517-47f2-8773-f381488c084e)
* Update tool dependencies (#26607)silverwind2023-08-201-1/+1
| | | | | | - Updated all tool dependencies to latest versions - Add Makefile to `swagger` files because it specifies `go-swagger` version - Fix lint
* Fix NPM packages name validation (#26595)TimberBro2023-08-202-1/+19
| | | | | | | | | | | | | | | | | - Added new tests to cover corner cases - Replace existing regex with new one Closes #26551 --- As @silverwind suggested, I started from [validate-npm-package-name](https://github.com/npm/validate-npm-package-name), but found this solution too complicated. Then I tried to fix existing regex myself, but thought, that exclude all restricted symbols is harder, than set only allowed symbols. Then I search a bit more and found [package-name-regex](https://github.com/dword-design/package-name-regex) and regex from it works for all new test cases. Let me know, if more information or help with this PR is needed.
* Support rebuilding issue indexer manually (#26546)Jason Song2023-08-171-7/+15
| | | | | | | | | | | Provide a way to rebuild issue indexer manually. So if the indexer get outdated because of some bugs like #26539, we can rebuild it. <img width="1104" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/ac242e29-6f04-47ca-b3d0-801a796448d3"> Co-authored-by: Giteabot <teabot@gitea.io>
* Sync repo's IsEmpty status correctly (#26517)wxiaoguang2023-08-171-1/+1
| | | Close #26509
* Explain SearchOptions and fix ToSearchOptions (#26542)Jason Song2023-08-163-22/+35
| | | | | Follow #26012 #26490. A detailed description has been added to the comment.
* Add missing triggers to update issue indexer (#26539)Jason Song2023-08-161-39/+13
| | | | | | | | | | | | Fix #26536 Follow #26012 Whatever the comment type is, always update the issue indexer. So the issue indexer will be updated when there is a change in Status, Assignee, Label, and so on. I added the logic for `NotifyUpdateComment`, but missed it for `NotifyCreateIssueComment` and `NotifyDeleteComment`.
* Fix project filter bugs (#26490)CaiCandong2023-08-151-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | related: #26012 ### Bugs 1. missing project filter on the issue page. https://github.com/go-gitea/gitea/blob/1e76a824bcd71acd59cdfb2c4547806bc34b3d86/modules/indexer/issues/dboptions.go#L11-L15 3. incorrect SQL condition: some issue does not belong to a project but exists on the project_issue table. https://github.com/go-gitea/gitea/blob/f5dbac9d36f1678b928bee04e85fbd045c725698/models/issues/issue_search.go#L233 ### Before: ![before](https://github.com/go-gitea/gitea/assets/50507092/1dcde39e-3e2f-4151-b2c6-4d67bf493c2f) ### After: ![after](https://github.com/go-gitea/gitea/assets/50507092/badfb81f-056d-4a2f-9838-1cba9c15768d) --------- Co-authored-by: Giteabot <teabot@gitea.io>
* Fix display problems of members and teams unit (#26363)yp053272023-08-151-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix: - display member count and team count in the menu bar ![image](https://github.com/go-gitea/gitea/assets/18380374/7f03ced4-67e2-41ce-b19f-a992823726bb) - Also display member unit in the menu bar if there are no hidden members in public org ![image](https://github.com/go-gitea/gitea/assets/18380374/31422ad6-7190-438d-8e99-8a4af9cce908) - hidden member board when there's no seeable members. In this org, we only have hidden members: ![image](https://github.com/go-gitea/gitea/assets/18380374/d749420b-554a-4483-8cd2-221df61b5ca7) We will hidden the member board when doer is not the member of this org ![image](https://github.com/go-gitea/gitea/assets/18380374/93bb782e-7d4d-4ad3-a096-133afbc51f8a) Before: ![image](https://github.com/go-gitea/gitea/assets/18380374/eafc0b3e-6218-42ab-a892-39645d08a5eb) If you click the number in the members board, you will access the members page, which is not expected. ![image](https://github.com/go-gitea/gitea/assets/18380374/73d6dadc-0ef2-4ca9-8485-c5f4211bffb2) --------- Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Giteabot <teabot@gitea.io>
* Add API route to list org secrets (#26485)Bo-Yi Wu2023-08-151-0/+15
| | | | | | | | | | | | | | | | | | | - Add a new function `CountOrgSecrets` in the file `models/secret/secret.go` - Add a new file `modules/structs/secret.go` - Add a new function `ListActionsSecrets` in the file `routers/api/v1/api.go` - Add a new file `routers/api/v1/org/action.go` - Add a new function `listActionsSecrets` in the file `routers/api/v1/org/action.go` go-sdk: https://gitea.com/gitea/go-sdk/pulls/629 --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: Giteabot <teabot@gitea.io>
* Detect ogg mime-type as audio or video (#26494)wxiaoguang2023-08-152-1/+25
| | | | | | | | | "ogg" is just a "container" format for audio and video. Golang's `DetectContentType` only reports "application/ogg" for potential ogg files. Actually it could do more "guess" to see whether it is a audio file or a video file.
* Handle base64 decoding correctly to avoid panic (#26483)wxiaoguang2023-08-145-17/+39
| | | Fix the panic if the "base64 secret" is too long.
* Allow to archive labels (#26478)puni98692023-08-141-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ## Archived labels This adds the structure to allow for archived labels. Archived labels are, just like closed milestones or projects, a medium to hide information without deleting it. It is especially useful if there are outdated labels that should no longer be used without deleting the label entirely. ## Changes 1. UI and API have been equipped with the support to mark a label as archived 2. The time when a label has been archived will be stored in the DB ## Outsourced for the future There's no special handling for archived labels at the moment. This will be done in the future. ## Screenshots ![image](https://github.com/go-gitea/gitea/assets/80308335/208f95cd-42e4-4ed7-9a1f-cd2050a645d4) ![image](https://github.com/go-gitea/gitea/assets/80308335/746428e0-40bb-45b3-b992-85602feb371d) Part of https://github.com/go-gitea/gitea/issues/25237 --------- Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix storage path logic especially for relative paths (#26441)Lunny Xiao2023-08-132-93/+294
| | | | | | | | | This PR rewrites the function `getStorage` and make it more clear. Include tests from #26435, thanks @earl-warren --------- Co-authored-by: Earl Warren <contact@earl-warren.org>
* Close stdout correctly for "git blame" (#26470)wxiaoguang2023-08-131-5/+12
| | | | | | Close stdout correctly for "git blame", otherwise the failed "git blame" would case the request hanging forever. And "os.Stderr" should never (seldom) be used as git command's stderr
* Remove last newline from config file (#26468)wxiaoguang2023-08-122-0/+21
| | | | | | | | | When users put the secrets into a file (GITEA__sec__KEY__FILE), the newline sometimes is different to avoid (eg: echo/vim/...) So the last newline could be removed when reading, it makes the users easier to maintain the secret files. Co-authored-by: Giteabot <teabot@gitea.io>
* Adjust minio new sequence, now it will check whether bucket exist first and ↵Lunny Xiao2023-08-121-6/+10
| | | | | | | | | | | then create one if it doesn't exist (#26420) For some reason, the permission of the client_id and secret may cannot create bucket, so now we will check whether bucket does exist first and then try to create a bucket if it doesn't exist. Try to fix #25984 Co-authored-by: silverwind <me@silverwind.io>
* Set commit id when ref used explicitly (#26447)Jack Hay2023-08-121-0/+1
| | | | | | | | | | In the `RepoRefForAPI()` context function `CommitID` is not set if `ref` is used. It is set correctly for other if/else branches where `Commit` is set. It doesn't appear that any routes that use `RepoRefForAPI()` also use `CommitID` but that may be the case in the future. ## Changes - Sets `ctx.Repo.CommitID` when `ref` is explicitly used for api routes that use `RepoRefForAPI()`
* minio: add missing region on client initialization (#26412)nekrondev2023-08-101-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The MinIO client isn't redirecting to the correct AWS endpoint if a non-default data center is used. In my use case I created an AWS bucket at `eu-central-1` region. Because of the missing region initialization of the client the default `us-east-1` API endpoint is used returning a `301 Moved Permanently` response that's not handled properly by MinIO client. This in return aborts using S3 storage on AWS as the `BucketExists()` call will fail with the http moved error. MinIO client trace shows the issue: ```text ---------START-HTTP--------- HEAD / HTTP/1.1 Host: xxxxxxxxxxx-prod-gitea-data.s3.dualstack.us-east-1.amazonaws.com User-Agent: MinIO (windows; amd64) minio-go/v7.0.61 Authorization: AWS4-HMAC-SHA256 Credential=**REDACTED**/20230809/accesspoint.eu-central-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED** X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 X-Amz-Date: 20230809T141143Z HTTP/1.1 301 Moved Permanently Connection: close Content-Type: application/xml Date: Wed, 09 Aug 2023 14:11:43 GMT Server: AmazonS3 X-Amz-Bucket-Region: eu-central-1 X-Amz-Id-2: UK7wfeYi0HcTcytNvQ3wTAZ5ZP1mOSMnvRZ9Fz4xXzeNsS47NB/KfFx2unFxo3L7XckHpMNPPVo= X-Amz-Request-Id: S1V2MJV8SZ11GEVN ---------END-HTTP--------- ``` Co-authored-by: Heiko Besemann <heiko.besemann@qbeyond.de>
* Use template context function for avatar rendering (#26385)wxiaoguang2023-08-103-19/+25
| | | | Introduce `AvatarUtils`, no need to pass `$.Context` to every sub-template, and simplify the template helper functions.
* Fix admin queue page title (#26409)wxiaoguang2023-08-101-2/+7
| | | | | | | | | | | | | Fix #26408 ``` # locale_en-US.ini [admin] monitor.queues = Queues ``` --------- Co-authored-by: silverwind <me@silverwind.io>
* Pre-register OAuth2 applications for git credential helpers (#26291)Denys Konovalov2023-08-091-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | This PR is an extended implementation of #25189 and builds upon the proposal by @hickford in #25653, utilizing some ideas proposed internally by @wxiaoguang. Mainly, this PR consists of a mechanism to pre-register OAuth2 applications on startup, which can be enabled or disabled by modifying the `[oauth2].DEFAULT_APPLICATIONS` parameter in app.ini. The OAuth2 applications registered this way are being marked as "locked" and neither be deleted nor edited over UI to prevent confusing/unexpected behavior. Instead, they're being removed if no longer enabled in config. ![grafik](https://github.com/go-gitea/gitea/assets/47871822/81a78b1c-4b68-40a7-9e99-c272ebb8f62e) The implemented mechanism can also be used to pre-register other OAuth2 applications in the future, if wanted. Co-authored-by: hickford <mirth.hickford@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> --------- Co-authored-by: M Hickford <mirth.hickford@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Make `user-content-* ` consistent with github (#26388)CaiCandong2023-08-092-9/+64
| | | | | | Fix #26367 Related #19745 Thanks @lazyky for providing test cases