summaryrefslogtreecommitdiffstats
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
* Support comma-delimited string as labels in issue template (#21831)Jason Song2022-11-196-128/+354
| | | | | | | | | | | | | | | The [labels in issue YAML templates](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms#top-level-syntax) can be a string array or a comma-delimited string, so a single string should be valid labels. The old codes committed in #20987 ignore this, that's why the warning is displayed: <img width="618" alt="image" src="https://user-images.githubusercontent.com/9418365/202112642-93dc72d0-71c3-40a2-9720-30fc2d48c97c.png"> Fixes #17877.
* Show syntax lexer name in file view/blame (#21814)silverwind2022-11-194-32/+78
| | | | | | | | | | | | | | | | | | | | | | Show which Chroma Lexer is used to highlight the file in the file header. It's useful for development to see what was detected, and I think it's not bad info to have for the user: <img width="233" alt="Screenshot 2022-11-14 at 22 31 16" src="https://user-images.githubusercontent.com/115237/201770854-44933dfc-70a4-487c-8457-1bb3cc43ea62.png"> <img width="226" alt="Screenshot 2022-11-14 at 22 36 06" src="https://user-images.githubusercontent.com/115237/201770856-9260ce6f-6c0f-442c-92b5-201e5b113188.png"> <img width="194" alt="Screenshot 2022-11-14 at 22 36 26" src="https://user-images.githubusercontent.com/115237/201770857-6f56591b-80ea-42cc-8ea5-21b9156c018b.png"> Also, I improved the way this header overflows on small screens: <img width="354" alt="Screenshot 2022-11-14 at 22 44 36" src="https://user-images.githubusercontent.com/115237/201774828-2ddbcde1-da15-403f-bf7a-6248449fa2c5.png"> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Add `context.Context` to more methods (#21546)KN4CK3R2022-11-1917-587/+525
| | | | | | | This PR adds a context parameter to a bunch of methods. Some helper `xxxCtx()` methods got replaced with the normal name now. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Prevent dangling user redirects (#21856)Gusted2022-11-181-0/+3
| | | | | | - It's possible that the `user_redirect` table contains a user id that no longer exists. - Delete a user redirect upon deleting the user. - Add a check for these dangling user redirects to check-db-consistency.
* Fix setting HTTP headers after write (#21833)KN4CK3R2022-11-181-23/+43
| | | The headers can't be modified after it was send to the client.
* Ignore issue template with a special name (#21830)Jason Song2022-11-162-3/+46
| | | | | | | | | | | | | | A file in `ISSUE_TEMPLATE` with the name `config.yml` shouldn't be treated as a YAML template, it's for [configuring the template chooser](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser). The old code tried to ignore the file, but it didn't work, caused by #20987. That's why the warning is displayed: <img width="415" alt="image" src="https://user-images.githubusercontent.com/9418365/202094067-804c42fe-0e9e-4fc5-bf01-d95fa336f54f.png"> Note that this PR is not an implementation of `config.yml`, there will be another one to do it.
* Add `updated_at` field to PullReview API object (#21812)Yarden Shoham2022-11-152-0/+3
| | | | | | | | | * Closes #19997 Adds an `updated_at` time field to the `PullReview` API object to specify when the pull request review's state changed. Signed-off-by: Yarden Shoham <hrsi88@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Adjust gitea doctor --run storages to check all storage types (#21785)zeripath2022-11-153-24/+232
| | | | | | | | The doctor check `storages` currently only checks the attachment storage. This PR adds some basic garbage collection functionality for the other types of storage. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Prevent panic in doctor command when running default checks (#21791)zeripath2022-11-132-12/+24
| | | | | | | | | | | | | | | | There was a bug introduced in #21352 due to a change of behaviour caused by #19280. This causes a panic on running the default doctor checks because the panic introduced by #19280 assumes that the only way opts.StdOut and opts.Stderr can be set in RunOpts is deliberately. Unfortunately, when running a git.Command the provided RunOpts can be set, therefore if you share a common set of RunOpts these two values can be set by the previous commands. This PR stops using common RunOpts for the commands in that doctor check but secondly stops RunCommand variants from changing the provided RunOpts. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Allow detect whether it's in a database transaction for a context.Context ↵Lunny Xiao2022-11-123-4/+4
| | | | | | | | | | | | | | | | (#21756) Fix #19513 This PR introduce a new db method `InTransaction(context.Context)`, and also builtin check on `db.TxContext` and `db.WithTx`. There is also a new method `db.AutoTx` has been introduced but could be used by other PRs. `WithTx` will always open a new transaction, if a transaction exist in context, return an error. `AutoTx` will try to open a new transaction if no transaction exist in context. That means it will always enter a transaction if there is no error. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: 6543 <6543@obermui.de>
* Adjust clone timeout error to suggest increasing timeout (#21769)zeripath2022-11-121-0/+4
| | | | | | | | | There are far too many error reports regarding timeouts from migrations. We should adjust error report to suggest increasing this timeout. Ref #20680 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add configuration for CORS allowed headers (#21747)Drew Noel2022-11-111-0/+2
| | | | | | | | | | This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix dashboard ignored system setting cache (#21621)Lunny Xiao2022-11-105-129/+87
| | | | | | This is a performance regression from #18058 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Attempt clarify AppWorkPath etc. (#21656)zeripath2022-11-091-2/+2
| | | | | | | | | | Attempt clarify the AppWorkPath in the documentation by using different notation and adding a section to the start of the cheat sheet. Fix #21523 Signed-off-by: Andrew Thornton <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add package registry quota limits (#21584)KN4CK3R2022-11-092-1/+80
| | | | | | | | | | Related #20471 This PR adds global quota limits for the package registry. Settings for individual users/orgs can be added in a seperate PR using the settings table. Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add attention blocks within quote blocks for `Note` and `Warning` (#21711)Yarden Shoham2022-11-093-0/+78
| | | | | | | | | | | | | | | | | | For each quote block, the first `**Note**` or `**Warning**` gets an icon prepended to it and its text is colored accordingly. GitHub does this (community/community#16925). [Initially requested on Discord.](https://discord.com/channels/322538954119184384/322538954119184384/1038816475638661181) ### Before ![image](https://user-images.githubusercontent.com/20454870/200408558-bd318302-6ff9-4d56-996f-9190e89013ec.png) ### After ![image](https://user-images.githubusercontent.com/20454870/200658863-1bac6461-dae7-4bf2-abd2-672d209574e4.png) Signed-off-by: Yarden Shoham <hrsi88@gmail.com> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: silverwind <me@silverwind.io>
* Move svg html render to modules/svg (#21716)Lunny Xiao2022-11-083-49/+77
| | | | | Also added more checks for the render function. Co-authored-by: silverwind <me@silverwind.io>
* Improve valid user name check (#20136)wxiaoguang2022-11-045-1/+66
| | | | | | | | | | | | | Close https://github.com/go-gitea/gitea/issues/21640 Before: Gitea can create users like ".xxx" or "x..y", which is not ideal, it's already a consensus that dot filenames have special meanings, and `a..b` is a confusing name when doing cross repo compare. After: stricter Co-authored-by: Jason Song <i@wolfogre.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: delvh <dev.lh@web.de>
* Fix token generation when using INTERNAL_TOKEN_URI (#21669)wxiaoguang2022-11-031-1/+11
| | | | | | | | | | | Fix https://github.com/go-gitea/gitea/issues/21666 Caused by https://github.com/go-gitea/gitea/pull/19663 Before: when install, the INTERNAL_TOKEN was always generated and saved. But the internal token may be already there by INTERNAL_TOKEN_URI After: INTERNAL_TOKEN_URI file must be non-empty. When install, skip internal token generation if the token exists.
* Add Webhook authorization header (#20926)oliverpool2022-11-032-23/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | _This is a different approach to #20267, I took the liberty of adapting some parts, see below_ ## Context In some cases, a weebhook endpoint requires some kind of authentication. The usual way is by sending a static `Authorization` header, with a given token. For instance: - Matrix expects a `Bearer <token>` (already implemented, by storing the header cleartext in the metadata - which is buggy on retry #19872) - TeamCity #18667 - Gitea instances #20267 - SourceHut https://man.sr.ht/graphql.md#authentication-strategies (this is my actual personal need :) ## Proposed solution Add a dedicated encrypt column to the webhook table (instead of storing it as meta as proposed in #20267), so that it gets available for all present and future hook types (especially the custom ones #19307). This would also solve the buggy matrix retry #19872. As a first step, I would recommend focusing on the backend logic and improve the frontend at a later stage. For now the UI is a simple `Authorization` field (which could be later customized with `Bearer` and `Basic` switches): ![2022-08-23-142911](https://user-images.githubusercontent.com/3864879/186162483-5b721504-eef5-4932-812e-eb96a68494cc.png) The header name is hard-coded, since I couldn't fine any usecase justifying otherwise. ## Questions - What do you think of this approach? @justusbunsi @Gusted @silverwind - ~~How are the migrations generated? Do I have to manually create a new file, or is there a command for that?~~ - ~~I started adding it to the API: should I complete it or should I drop it? (I don't know how much the API is actually used)~~ ## Done as well: - add a migration for the existing matrix webhooks and remove the `Authorization` logic there _Closes #19872_ Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: delvh <dev.lh@web.de>
* feat: notify doers of a merge when automerging (#21553)kolaente2022-11-038-2/+47
| | | | | | | | | | | | | | | | | | | | | | I found myself wondering whether a PR I scheduled for automerge was actually merged. It was, but I didn't receive a mail notification for it - that makes sense considering I am the doer and usually don't want to receive such notifications. But ideally I want to receive a notification when a PR was merged because I scheduled it for automerge. This PR implements exactly that. The implementation works, but I wonder if there's a way to avoid passing the "This PR was automerged" state down so much. I tried solving this via the database (checking if there's an automerge scheduled for this PR when sending the notification) but that did not work reliably, probably because sending the notification happens async and the entry might have already been deleted. My implementation might be the most straightforward but maybe not the most elegant. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Merge db.Iterate and IterateObjects (#21641)Lunny Xiao2022-10-314-13/+7
| | | These two functions are similiar, merge them.
* Deal with markdown template without metadata (#21639)Jason Song2022-10-312-10/+24
| | | | | | | | | | | | | | Fixed #21636. Related to #20987. A markdown template without metadata should not be treated as an invalid template. And this PR fixed another bug that non-template files(neither .md nor .yaml) are treated as yaml files. <img width="504" alt="image" src="https://user-images.githubusercontent.com/9418365/198968668-40082fa1-4f25-4d3e-9b73-1dbf6d1a7521.png">
* Keep languages defined in .gitattributes (#21403)KN4CK3R2022-10-292-19/+51
| | | | | | | | | | | | | Fixes #21377 This marks all "defined" languages in the `.gitattributes` file so they are not removed if they are not of type `programming` or `markup`. ![grafik](https://user-images.githubusercontent.com/1666336/194942021-1e641b60-bb8a-49c6-9a1c-413e7c4ba17d.png) Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Sync git hooks when config file path changed (#21619)Jason Song2022-10-281-1/+2
| | | | | | | | A patch to #17335. Just like AppPath, Gitea writes its own CustomConf into git hook scripts too. If Gitea's CustomConf changes, then the git push may fail. Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Allow disable sitemap (#21617)Xinyu Zhou2022-10-281-0/+2
| | | | | | | This patch provide a mechanism to disable [sitemap](https://github.com/go-gitea/gitea/pull/18407). Signed-off-by: Xinyu Zhou <i@sourcehut.net> Co-authored-by: 6543 <6543@obermui.de>
* Use right syntax for symbolic-ref command (#21577)Clar Fon2022-10-281-1/+1
| | | | | | | Follow-up to #21352: when testing this out, I found out that the syntax for the `symbolic-ref` command was different than originally assumed in that PR. Never got around to submitting a PR until now. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Revert: auto generate INTERNAL_TOKEN (#21608)wxiaoguang2022-10-281-0/+19
| | | | | | | | Follow #19663 Some users do cluster deployment, they still depend on this auto-generating behavior. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix `Timestamp.IsZero` (#21593)KN4CK3R2022-10-261-1/+1
| | | | | | | | | | Our implementation of `IsZero` can't work. An "empty" timestamp (= 0) calls `time.Unix(int64(ts), 0).IsZero()` which is always `false`. Only `time.Time{}.IsZero()` is `true`. We call this method ~~only at one place~~ and there the value (`UpdatedUnix`) should be always != 0 so this PR may not have consequences. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551)delvh2022-10-2446-169/+169
| | | | | | | | | Found using `find . -type f -name '*.go' -print -exec vim {} -c ':%s/fmt\.Errorf(\(.*\)%v\(.*\)err/fmt.Errorf(\1%w\2err/g' -c ':wq' \;` Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix package access for admins and inactive users (#21580)KN4CK3R2022-10-241-3/+6
| | | | | | | | I noticed an admin is not allowed to upload packages for other users because `ctx.IsSigned` was not set. I added a check for `user.IsActive` and `user.ProhibitLogin` too because both was not checked. Tests enforce this now. Co-authored-by: Lauris BH <lauris@nix.lv>
* Record OAuth client type at registration (#21316)M Hickford2022-10-242-14/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The OAuth spec [defines two types of client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1), confidential and public. Previously Gitea assumed all clients to be confidential. > OAuth defines two client types, based on their ability to authenticate securely with the authorization server (i.e., ability to > maintain the confidentiality of their client credentials): > > confidential > Clients capable of maintaining the confidentiality of their credentials (e.g., client implemented on a secure server with > restricted access to the client credentials), or capable of secure client authentication using other means. > > **public > Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the resource owner, such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.** > > The client type designation is based on the authorization server's definition of secure authentication and its acceptable exposure levels of client credentials. The authorization server SHOULD NOT make assumptions about the client type. https://datatracker.ietf.org/doc/html/rfc8252#section-8.4 > Authorization servers MUST record the client type in the client registration details in order to identify and process requests accordingly. Require PKCE for public clients: https://datatracker.ietf.org/doc/html/rfc8252#section-8.1 > Authorization servers SHOULD reject authorization requests from native apps that don't use PKCE by returning an error message Fixes #21299 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor git command arguments and make all arguments to be safe to be used ↵wxiaoguang2022-10-2334-244/+266
| | | | | | | (#21535) Follow #21464 Make all git command arguments strictly safe. Most changes are one-to-one replacing, keep all existing logic.
* Add link to user profile in markdown mention only if user exists (#21533)Yarden Shoham2022-10-233-3/+24
| | | | | | | | | | | Previously mentioning a user would link to its profile, regardless of whether the user existed. This change tests if the user exists and only if it does - a link to its profile is added. * Fixes #3444 Signed-off-by: Yarden Shoham <hrsi88@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Remove unnecessary debug log (#21536)Yarden Shoham2022-10-221-4/+0
| | | | | | | | It distractingly shows up on unit tests * Looks like a leftover from #20571 Signed-off-by: Yarden Shoham <hrsi88@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Decouple HookTask from Repository (#17940)KN4CK3R2022-10-211-109/+81
| | | | | | | | | | | | | At the moment a repository reference is needed for webhooks. With the upcoming package PR we need to send webhooks without a repository reference. For example a package is uploaded to an organization. In theory this enables the usage of webhooks for future user actions. This PR removes the repository id from `HookTask` and changes how the hooks are processed (see `services/webhook/deliver.go`). In a follow up PR I want to remove the usage of the `UniqueQueue´ and replace it with a normal queue because there is no reason to be unique. Co-authored-by: 6543 <6543@obermui.de>
* Add color previews in markdown (#21474)Yarden Shoham2022-10-214-2/+135
| | | | | | | | | | | | | | | | | | | | | | * Resolves #3047 Every time a color code will be in \`backticks`, a cute little color preview will pop up [Inspiration](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#supported-color-models) #### Before ![image](https://user-images.githubusercontent.com/20454870/196631524-298afbbf-d2c8-4018-92a5-0393a693d850.png) #### After ![image](https://user-images.githubusercontent.com/20454870/196631397-36c561e4-08f5-465a-a36e-76084e30b08a.png) Signed-off-by: Yarden Shoham <hrsi88@gmail.com> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix generating compare link (#21519)Lunny Xiao2022-10-211-0/+13
| | | | | Fix #6318 Co-authored-by: zeripath <art27@cantab.net>
* Remove unnecessary misspell ignore pattern (#21475)wxiaoguang2022-10-183-3/+3
| | | It doesn't make sense to ignore the pattern again and again.
* Make every not exist error unwrappable to a fs.ErrNotExist (#20891)zeripath2022-10-183-3/+52
| | | | | | | | | | | | | | | | | | | | A lot of our code is repeatedly testing if individual errors are specific types of Not Exist errors. This is repetitative and unnecesary. `Unwrap() error` provides a common way of labelling an error as a NotExist error and we can/should use this. This PR has chosen to use the common `io/fs` errors e.g. `fs.ErrNotExist` for our errors. This is in some ways not completely correct as these are not filesystem errors but it seems like a reasonable thing to do and would allow us to simplify a lot of our code to `errors.Is(err, fs.ErrNotExist)` instead of `package.IsErr...NotExist(err)` I am open to suggestions to use a different base error - perhaps `models/db.ErrNotExist` if that would be felt to be better. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de>
* probe if sha before exec git (#21467)65432022-10-172-2/+23
|
* Add system setting table with cache and also add cache supports for user ↵Lunny Xiao2022-10-1711-50/+133
| | | | setting (#18058)
* Display total commit count in hook message (#21400)KN4CK3R2022-10-172-27/+30
| | | | | | | | | Fixes #21379 The commits are capped by `setting.UI.FeedMaxCommitNum` so `len(commits)` is not the correct number. So this PR adds a new `TotalCommits` field. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add `code` highlighting in issue titles (#21432)Yarden Shoham2022-10-161-0/+11
| | | | | | | | | | | | This changes the rendering logic of issue titles. If a substring in an issue title is enclosed with a pair of backticks, it'll be rendered with a monospace font (HTML `code` tag). * Closes #20887 Signed-off-by: Yarden Shoham <hrsi88@gmail.com> Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
* Follow improve code quality (#21465)wxiaoguang2022-10-152-12/+24
| | | | | | After some discussion, introduce a new slice `brokenArgs` to make `gitCmd.Run()` return errors if any dynamic argument is invalid. Co-authored-by: delvh <dev.lh@web.de>
* alternative to PR "improve code quality" (#21464)wxiaoguang2022-10-156-25/+52
| | | | | This PR doesn't require new git version, and can be backported easily. Co-authored-by: 6543 <6543@obermui.de>
* Add support for Chocolatey/NuGet v2 API (#21393)KN4CK3R2022-10-131-12/+14
| | | | | | | | Fixes #21294 This PR adds support for NuGet v2 API. Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add HEAD fix to gitea doctor (#21352)Clar Fon2022-10-121-0/+91
| | | | | | | | | | | | | | | | Due to a bug in presumably an older version of Gitea, multiple of my repositories still have their HEADs pointing to a `master` branch while the default branch on the UI is listed as `main`. This adds a `gitea doctor` command that will fix all of the HEAD references for repos when they're not synchronized with the default branch in the DB. This will help with cloning to ensure that git automatically checks out the right branch, instead of a nonexistent one. Note: I'm not sure if I actually need to do more other than add a file here. Will try testing this out on my server soon. Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add generic set type (#21408)KN4CK3R2022-10-1219-114/+174
| | | | | This PR adds a generic set type to get rid of maps used as sets. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Use Name instead of DisplayName in LFS Lock (#21415)KN4CK3R2022-10-111-1/+1
| | | | | Fixes #21268 Co-authored-by: techknowlogick <techknowlogick@gitea.io>