summaryrefslogtreecommitdiffstats
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
* Add some Unit-Tests (#14500)65432021-01-286-9/+306
| | | | | | | | | | | * fix url * modules/auth/pa: coverage: 40#.0% * modules/base coverage: 67.6% -> 89.9% * modules/cache coverage: 0% -> 12.0% * modules/convert coverage: 27.1% -> 29.7%
* Fix display since time round (#14226)Lunny Xiao2021-01-282-37/+152
| | | | | | | * Fix display since time round * Fix since time * Fix tests
* Fix JSON Header response (#14499)65432021-01-271-1/+1
|
* Fix access log (#14475)Lunny Xiao2021-01-277-15/+120
| | | | | | Fix #14121, #14478. The `AccessLog` middleware has to be after `Contexter` or `APIContexter` so that we can get `LoginUserName` if possible. And also there is a **BREAK** change that it removed internal API access log.
* Fix captcha (#14488)Lunny Xiao2021-01-274-46/+18
| | | | Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix switch language (#14484)Lunny Xiao2021-01-271-6/+4
| | | | Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix: url.Values map was not initialized (#14485)PhilAtWysdom2021-01-271-0/+3
| | | | | Values map was not initialized, leading to error 500 on submission of initial configuration Co-authored-by: 6543 <6543@obermui.de>
* [Feature] add precise search type for Elastic Search (#12869)Jui-Nan Lin2021-01-277-15/+36
| | | | | | | | * feat: add type query parameters for specifying precise search * feat: add select dropdown in search box Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Cron job to cleanup hook_task table (#13080)Brad Albright2021-01-262-0/+25
| | | | | | | | | Close **Prune hook_task Table (#10741)** Added a cron job to delete webhook deliveries in the hook_task table. It can be turned on/off and the schedule controlled globally via app.ini. The data can be deleted by either the age of the delivery which is the default or by deleting the all but the most recent deliveries _per webhook_. Note: I had previously submitted pr #11416 but I closed it when I realized that I had deleted per repository instead of per webhook. Also, I decided allowing the settings to be overridden via the ui was overkill. Also this version allows the deletion by age which is probably what most people would want.
* Move macaron to chi (#14293)Lunny Xiao2021-01-2654-1368/+2799
| | | | | | | | | | | | | | | | | | | | | | | | | | | Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
* Fix incorrect key name so registerManualConfirm setting works as expected. ↵Dofri Jónsson2021-01-261-1/+1
| | | | (#14455)
* Redirect on changed user and org name (#11649)Andrew Bezold2021-01-243-5/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add redirect for user * Add redirect for orgs * Add user redirect test * Appease linter * Add comment to DeleteUserRedirect function * Fix locale changes * Fix GetUserByParams * Fix orgAssignment * Remove debug logging * Add redirect prompt * Dont Export DeleteUserRedirect & only use it within a session * Unexport newUserRedirect * cleanup * Fix & Dedub API code * Format Template * Add Migration & rm dublicat * Refactor: unexport newRepoRedirect() & rm dedub del exec * if this fails we'll need to re-rename the user directory Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* just overload to not get it by mistake again ... (#14440)65432021-01-231-0/+5
|
* Enhance Ghost comment mitigation Settings (#14392)65432021-01-211-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | * refactor models.DeleteComment and delete related reactions too * use deleteComment for UserDeleteWithCommentsMaxDays in DeleteUser * nits * Use time.Duration as other time settings have * docs * Resolve Fixme & fix potential deadlock * Disabled by Default * Update Config Value Description * switch args * Update models/issue_comment.go Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
* Add support to migrate from gogs (#14342)65432021-01-2116-298/+861
| | | | | | | | | | | | | Add support to migrate gogs: * issues * comments * labels * milestones * wiki Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Display current stopwatch in navbar (#14122)Norwin2021-01-212-0/+4
| | | | | | | | | | | | | | | | | * add notification about running stopwatch to header * serialize seconds, duration in stopwatches api * ajax update stopwatch i should get my testenv working locally... * new variant: hover dialog * noscript compatibility * js: live-update stopwatch time * js live update robustness
* Add support for ed25519_sk and ecdsa_sk SSH keys (#13462)Artemis Tosini2021-01-201-1/+1
| | | | | | | | | | | | | | * Add support for ed25519_sk and ecdsa_sk SSH keys These start with sk-ssh-ed25519@openssh.com and sk-ecdsa-sha2-nistp256@openssh.com. They are supported in recent versions of go x/crypto/ssh and OpenSSH 8.2 or higher. * skip ssh-keygen Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Prevent panic on fuzzer provided string (#14405)zeripath2021-01-202-10/+53
| | | | | | | | | | | | | | | | | | | * Prevent panic on fuzzer provided string The fuzzer has found that providing a <body> tag with an attribute to PostProcess causes a panic. This PR removes any rendered html or body tags from the output. Signed-off-by: Andrew Thornton <art27@cantab.net> * Placate lint * placate lint again Signed-off-by: Andrew Thornton <art27@cantab.net> * minor cleanup Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix log http status is always zero (#14400)Lunny Xiao2021-01-191-0/+62
| | | | | | | * Fix log http status is always zero * Fix lint Co-authored-by: 6543 <6543@obermui.de>
* Add pager to the branches page (#14202)Chester Liu2021-01-192-0/+10
| | | | | | | | | | | * Add pager to the branches page * override pageSize if bigger than max * Make branches commit range configurable Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: silverwind <me@silverwind.io>
* Check if label template exist first (#14384)65432021-01-182-9/+22
| | | | | | | * add check * refactor * rollback repo on error after session closed
* Upgrade blevesearch dependency to v2.0.1 (#14346)Lauris BH2021-01-173-18/+18
| | | | | | | * Upgrade blevesearch dependency to v2.0.1 * Update rupture to v1.0.0 * Fix test
* Implement ghost comment mitigation (#14349)65432021-01-171-0/+2
| | | | | | | | | | | | | * Implement ghost comment mitigation Adds a config option USER_DELETE_WITH_COMMENTS_MAX_DAYS to the [service] section. See https://codeberg.org/Codeberg/Discussion/issues/24 for the underlying issue. * cleanup * use setting module correctly * add to docs Co-authored-by: Moritz Marquardt <git@momar.de>
* Sort issue search results by revelance (#14353)Lauris BH2021-01-163-3/+4
|
* Kd/fix allow svg doctype (#14344)Kyle D2021-01-152-2/+10
| | | | | | | | | * make svg regex case-insensitive & use strict word boundary * allow doctype svg * add doctype tests * allow <!DOCTYPE svg> and <svg/>
* Use IsProd instead of testing if it's equal. (#14336)Lunny Xiao2021-01-143-3/+7
| | | | Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
* Fix typo (#14332)Lunny Xiao2021-01-141-1/+1
|
* Display SVG files as images instead of text (#14101)Jonathan Tran2021-01-123-5/+105
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Change to display SVG files as images * Remove unsafe styles from SVG CSP * Add integration test to test SVG headers * Add config setting to disable SVG rendering * Add test for img tag when loading SVG image * Remove the Raw view button for svg files since we don't fully support this * Fix copyright year * Rename and move config setting * Add setting to cheat sheet in docs * Fix so that comment matches cheat sheet * Add allowing styles in CSP based on pull request feedback * Re-enable raw button since we show SVG styles now * Change so that SVG files are editable * Add UI to toggle between source and rendered image for SVGs * Change to show blame button for SVG images * Fix to update ctx data * Add test for DetectContentType when file is longer than sniffLen Co-authored-by: Jonathan Tran <jon@allspice.io> Co-authored-by: Kyle D <kdumontnu@gmail.com>
* Add option to change username to the admin panel (#14229)65432021-01-101-0/+1
| | | | | Co-authored-by: Bwko <bouwko@gmail.com> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: zeripath <art27@cantab.net>
* Do not reload page after adding comments in Pull Request reviews (#13877)Jimmy Praet2021-01-081-0/+1
| | | | | | | | | | | | | | | | Fixed #8861 * use ajax on PR review page * handle review comments * extract duplicate code FetchCodeCommentsByLine was initially more or less copied from fetchCodeCommentsByReview. Now they both use a common findCodeComments function instead * use the Engine that was passed into the method Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv>
* Some code improvements (#14266)Lunny Xiao2021-01-061-3/+2
|
* Fix windows build error (#14263)Lunny Xiao2021-01-0610-43/+48
| | | | | | | | | | | * fix build * take flash error message back and fix more windows lint error * performance optimization * own step to check lint for windows Co-authored-by: 6543 <6543@obermui.de>
* Add option for administrator to reset user 2FA (#14243)65432021-01-051-0/+1
| | | | | | | * Frontend * Backend * only show 2FA-Reset option if posible
* Fix recovery middleware to render gitea style page. (#13857)Lunny Xiao2021-01-0519-126/+892
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Some changes to fix recovery * Move Recovery to middlewares * Remove trace code * Fix lint * add session middleware and remove dependent on macaron for sso * Fix panic 500 page rendering * Fix bugs * Fix fmt * Fix vendor * recover unnecessary change * Fix lint and addd some comments about the copied codes. * Use util.StatDir instead of com.StatDir Co-authored-by: 6543 <6543@obermui.de>
* Render links for commit hashes followed by comma (#14224)Nuno Silva2021-01-032-1/+7
| | | | | Regex test cases: https://regex101.com/r/mVbPxM/2/ fixes #14223
* Add MirrorInterval to the API (#14163)Paul Barton2021-01-026-21/+57
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Added MirrorInterval to the API * Remove MirrorInterval from CreateRepository * Removed Duplicate UpdateMirror Function * Updated Error Logging * Update Log Message for is not Mirror Co-authored-by: 6543 <6543@obermui.de> * Delete Debug Statement that snuck in Co-authored-by: zeripath <art27@cantab.net> * Add Check for If Interval is too small * Output to API Call * Add Error Object when time is Less than Min Interval * Frequency Error Message Co-authored-by: zeripath <art27@cantab.net> * Allow Zero Mirror Interval Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
* Send notifications for mentions in pulls, issues, (code-)comments (#14218)Jimmy Praet2021-01-028-43/+108
| | | | | Fixes #14187: mention handling extracted from email notification code Fixes #14013: add notification for mentions in pull request code comments Fixes #13450: Not receiving any emails with setting "Only Email on Mention"
* When visit /favicon.ico but the static file is not exist return 404 but not ↵Lunny Xiao2021-01-011-0/+1
| | | | | continue to handle the route (#14211) Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Consolidate Logos and update README header (#14136)silverwind2021-01-011-14/+4
| | | | | | | | | | | | | | | | | | | | * Consolidate Logos and update README header - Remove unused `logo-lg.png`, `logo-sm.png` and `logo-192.png`. - Consolidate `favicon.svg` and `logo.svg` to just `logo.svg`. - Remove Safari Mask icon, it seems to work fine with just `favicon.png` (no SVG support). - Remove Fluid Icon. It only served Firefox and SVG works just fine there. - Update customization instructions. - Update README.md to use SVG icon, increase logo size and center it and badges. * Update README_ZH.md Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> * Update README_ZH.md Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Minimal OpenID Connect implementation (#14139)Johnny Oskarsson2021-01-021-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | This is "minimal" in the sense that only the Authorization Code Flow from OpenID Connect Core is implemented. No discovery, no configuration endpoint, and no user scope management. OpenID Connect is an extension to the (already implemented) OAuth 2.0 protocol, and essentially an `id_token` JWT is added to the access token endpoint response when using the Authorization Code Flow. I also added support for the "nonce" field since it is required to be used in the id_token if the client decides to include it in its initial request. In order to enable this extension an OAuth 2.0 scope containing "openid" is needed. Other OAuth 2.0 requests should not be impacted by this change. This minimal implementation is enough to enable single sign-on (SSO) for other sites, e.g. by using something like `mod_auth_openidc` to only allow access to a CI server if a user has logged into Gitea. Fixes: #1310 Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* Check for 'main' as potential default branch name (#14193)Chester Liu2020-12-301-0/+5
|
* Improve label and text wrapping (#14113)silverwind2020-12-291-1/+1
| | | | | | | | | | | | | | | | | | | | | * Improve label wrapping - Adjust issue list styles so labels can wrap on the same line as the text. This relies on `display: inline` with the HTML whitespace being used as the separator. - Add global word-break: break-word. This should generally avoid text overflows in various places. * add whitespace to history labels * use overflow-wrap * restore word-break rules * use correct pre * use better selector for middle align Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix bug of link query order on markdown render (#14156)Lunny Xiao2020-12-291-1/+1
| | | | | | | * Fix bug of link query order on markdown render * Fix bluemonday bug and fix one wrong test Co-authored-by: 6543 <6543@obermui.de>
* Custom icons for OAuth sources (#14161)Timo Ley2020-12-281-0/+1
| | | | | | | | | | | | | * Add Icon URL to Backend * Template for Icon URL * Localization & Edit Icon URL * Improve Custom Icon URL * Removed not working else Co-authored-by: 6543 <6543@obermui.de>
* Dump github/gitlab/gitea repository data to a local directory and restore to ↵Lunny Xiao2020-12-2722-216/+1161
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | gitea (#12244) * Dump github/gitlab repository data to a local directory * Fix lint * Adjust directory structure * Allow migration special units * Allow migration ignore release assets * Fix lint * Add restore repository * stage the changes * Merge * Fix lint * Update the interface * Add some restore methods * Finish restore * Add comments * Fix restore * Add a token flag * Fix bug * Fix test * Fix test * Fix bug * Fix bug * Fix lint * Fix restore * refactor downloader * fmt * Fix bug isEnd detection on getIssues * Refactor maxPerPage * Remove unused codes * Remove unused codes * Fix bug * Fix restore * Fix dump * Uploader should not depend downloader * use release attachment name but not id * Fix restore bug * Fix lint * Fix restore bug * Add a method of DownloadFunc for base.Release to make uploader not depend on downloader * fix Release yml marshal * Fix trace information * Fix bug when dump & restore * Save relative path on yml file * Fix bug * Use relative path * Update docs * Use git service string but not int * Recognize clone addr to service type
* Migration: drop to long repo topics (#14152)65432020-12-271-0/+9
|
* migrate from com.* to alternatives (#14103)65432020-12-256-26/+58
| | | | | | | | | | | | | | | * remove github.com/unknwon/com from models * dont use "com.ToStr()" * replace "com.ToStr" with "fmt.Sprint" where its easy to do * more refactor * fix test * just "proxy" Copy func for now * as per @lunny
* Fix creating OAuth2 auth source from CLI (#14116)Daniil Pankratov2020-12-241-0/+5
| | | | | | | | Fix creation OAuth2 auth source from CLI. Fix #8356 Co-authored-by: Daniil Pankratov <daniil.pankratov@t-systems.com>
* Improve vfsgen to not unzip bindata files but send to browser directly (#7109)Lunny Xiao2020-12-244-2/+102
| | | | | | | | | | | | | | | * Don't unzip files from bindata but send to browser directly * remove dependent for httpgzip * Add tests for parseAcceptEncoding * Update docs for ENABLE_GZIP * Fix bug * Fix bug Co-authored-by: zeripath <art27@cantab.net>
* API: Make BasicAuth Prefix case insensitive (#14106)65432020-12-231-1/+1
|