summaryrefslogtreecommitdiffstats
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
* Add Password Algorithm option to install page (#14701)zeripath2021-02-161-0/+2
| | | | | | | Add Password Algorithm option to install page Fix #14674 Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Restore detection of branches are equal on compare page (#14586)zeripath2021-02-161-3/+16
| | | | | | | | Somehow the test for detecting if branches are equal broke this PR restores this functionality. Fix #14502 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Create DB session provider(based on xorm) (#13031)zeripath2021-02-153-1/+175
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Create Xorm session provider This PR creates a Xorm session provider which creates the appropriate Session table for macaron/session. Fix #7137 Signed-off-by: Andrew Thornton <art27@cantab.net> * extraneous l Signed-off-by: Andrew Thornton <art27@cantab.net> * fix lint Signed-off-by: Andrew Thornton <art27@cantab.net> * use key instead of ID to be compatible with go-macaron/session Signed-off-by: Andrew Thornton <art27@cantab.net> * And change the migration too. Signed-off-by: Andrew Thornton <art27@cantab.net> * Update spacing of imports Co-authored-by: 6543 <6543@obermui.de> * Update modules/session/xorm.go Co-authored-by: techknowlogick <matti@mdranta.net> * add xorm provider to the virtual provider Signed-off-by: Andrew Thornton <art27@cantab.net> * prep for master merge * prep for merge master * As per @lunny * move migration out of the way * Move to call this db session as per @lunny Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Allow blocking some email domains from registering an account (#14667)Damien Goutte-Gattat2021-02-153-16/+51
| | | | | | | | | Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are *forbidden* to register an account. The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that. The rationale is that, in my experience of running a Gitea instance, *a single email domain* is responsible for *most* of the spam accounts, and for *all* of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful. close #13628
* Prevent template renderer from rendering error (#14646)zeripath2021-02-131-6/+7
| | | | | | | | | | | When there is a panic during template rendering unrolled/render will automatically render the error. This leads to the panic being displayed in the page and not a 500 page Fix #14467 Fix #14525 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Prevent race in PersistableChannelUniqueQueue.Has (#14651)zeripath2021-02-131-0/+5
| | | | | | | | | | | There is potentially a race with a slow starting internal queue causing a NPE if Has is checked before the internal queue has been setup. This PR adds a lock on the Has() fn. Fix #14311 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Turn default hash password algorightm back to pbkdf2 from argon2 until we ↵Lunny Xiao2021-02-131-1/+1
| | | | | | | found a better one (#14673) * Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one * Add a warning on document
* rm gogs relict (#14665)65432021-02-141-6/+0
|
* Added option to disable webhooks (#13176)Paweł Bogusławski2021-02-112-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Added option to disable web hooks This mod introduces DISABLE_WEB_HOOKS parameter in [security] section of app.ini (by default set to false). If set to true it disables web hooks feature. Any existing undelivered web hook tasks will be cancelled. Any existing web hook definitions will be left untouched in db but its delivery tasks will be ignored. Author-Change-Id: IB#1105130 * Webhook spelling fixed Webhook spelling fixed. Fixes: 07df6614dc84cdd2e9f39c57577fa1062bd70012 Related: https://github.com/go-gitea/gitea/pull/13176#pullrequestreview-510868421 Author-Change-Id: IB#1105174 * Parameter description fixed Parameter description fixed. Fixes: 07df6614dc84cdd2e9f39c57577fa1062bd70012 Related: https://github.com/go-gitea/gitea/pull/13176#pullrequestreview-514086107 Author-Change-Id: IB#1105174
* Add dismiss review feature (#12674)a10121127962021-02-1110-0/+62
| | | | | | | | | | | | | | | * Add dismiss review feature refs: https://github.blog/2016-10-12-dismissing-reviews-on-pull-requests/ https://developer.github.com/v3/pulls/reviews/#dismiss-a-review-for-a-pull-request * change modal ui and error message * Add unDismissReview api Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Sort / Move project boards (#14634)Romain2021-02-111-4/+4
| | | Sort Project board (#14533)
* [Vendor] Update go-redis to v8.5.0 (#13749)65432021-02-107-47/+78
| | | | | | | | | | | | | | | | | | | | | * Update go-redis to v8.4.0 * github.com/go-redis/redis/v8 v8.4.0 -> v8.5.0 * Apply suggestions from code review Co-authored-by: zeripath <art27@cantab.net> * TODO * Use the Queue termination channel as the default context for pushes Signed-off-by: Andrew Thornton <art27@cantab.net> * missed one Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
* Do not assume all 40 char strings are SHA1s (#14624)zeripath2021-02-101-11/+15
| | | | | | | | | | GetCommit() assumes that all 40 char strings are SHA1s. This leads to an error if you try to do a PR on a branch which is 40 characters long. This PR attempts the SHA first - and if it fails will switch to using rev-parse. Fix #14470 Signed-off-by: Andrew Thornton <art27@cantab.net>
* HasPreviousCommit causes recursive load of commits unnecessarily (#14598)zeripath2021-02-102-13/+50
| | | | | | | | This PR improves HasPreviousCommit to prevent the automatic and recursive loading of previous commits using git merge-base --is-ancestor and git rev-list Fix #13684 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Prevent adding nil label to .AddedLabels or .RemovedLabels (#14623)zeripath2021-02-102-0/+22
| | | | | | | | | | | | | | | | | | * Prevent adding nil label to .AddedLabels or .RemovedLabels There are possibly a few old databases out there with malmigrated data that can cause panics with empty labels being migrated. This PR adds a few tests to prevent nil labels being added. Fix #14466 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add doctor command to remove the broken label comments Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Ensure memcache TTL cannot be over 30 days (#14592)zeripath2021-02-096-9/+28
| | | | | | | | | | Memcached TTL cannot be > 30 days and if it is attempted the TTL is interpreted as a unix timestamp. This PR ensures that the TTL is switched to a unix timestamp in those cases. Fix #14571 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove spurious DataAsync Error logging (#14599)zeripath2021-02-071-3/+0
| | | | | | | Breaking the pipe is a valid way of killing a piped command and any error from a broken cat-file batch command should be passed back up to the writer any way therefore specifically logging it is unnecessary. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix rate limit bug when downloading assets on migrating from github (#14564)Lunny Xiao2021-02-071-0/+5
|
* [API] Add affected files of commits to commit struct (#14579)65432021-02-072-5/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | * Add files affected by a commit to gitea API -- similar to github * Add files affected by a commit to gitea API * Fix stupid error * Fix other stupid typo * Generate swagger tmpl * Comply with convert to git commit refacto * update swagger docs * extend test * format code * Update integrations/api_repo_git_commits_test.go * Update modules/convert/git_commit.go Co-authored-by: Laurent Cahour <laurent.cahour@dont-nod.com> Co-authored-by: zeripath <art27@cantab.net>
* Fix locale init (#14582)John Olheiser2021-02-051-2/+9
| | | | | | | just log if lang is already loaded since we can not reload it Co-authored-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
* Reduce data races (#14549)65432021-02-033-6/+18
| | | | | | | | | | | * Add race conditions into test * Fix Race in GetManager() * DataAsync() use error chan * just log no chan * finish
* [API] Add pagination to ListBranches (#14524)65432021-02-0310-31/+172
| | | | | | | | | | | | | | | | | | * make PaginateUserSlice generic -> PaginateSlice * Add pagination to ListBranches * add skip, limit to Repository.GetBranches() * Move routers/api/v1/utils/utils PaginateSlice -> modules/util/paginate.go * repo_module.GetBranches paginate * fix & rename & more logging * better description Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: a1012112796 <1012112796@qq.com>
* Internal ssh server respect Ciphers, MACs and KeyExchanges settings (#14523)Stefan2021-01-301-3/+7
|
* Move middlewares to web/middleware (#14480)Lunny Xiao2021-01-3021-115/+115
| | | Co-authored-by: 6543 <6543@obermui.de>
* Add Doctor FixWrongUserType (#14522)65432021-01-291-0/+40
| | | | | * Add Doctor FixWrongUserType * use NoAutoTime
* Update docs and comments to remove macaron (#14491)Lunny Xiao2021-01-2912-21/+18
|
* Fix json charset bug (#14514)Lunny Xiao2021-01-291-2/+2
|
* enhancement: add signoff option in commit form (#14516)a10121127962021-01-296-8/+23
| | | Signed-off-by: a1012112796 <1012112796@qq.com>
* Fix load time bug (#14508)Lunny Xiao2021-01-291-4/+10
|
* Add some Unit-Tests (#14500)65432021-01-286-9/+306
| | | | | | | | | | | * fix url * modules/auth/pa: coverage: 40#.0% * modules/base coverage: 67.6% -> 89.9% * modules/cache coverage: 0% -> 12.0% * modules/convert coverage: 27.1% -> 29.7%
* Fix display since time round (#14226)Lunny Xiao2021-01-282-37/+152
| | | | | | | * Fix display since time round * Fix since time * Fix tests
* Fix JSON Header response (#14499)65432021-01-271-1/+1
|
* Fix access log (#14475)Lunny Xiao2021-01-277-15/+120
| | | | | | Fix #14121, #14478. The `AccessLog` middleware has to be after `Contexter` or `APIContexter` so that we can get `LoginUserName` if possible. And also there is a **BREAK** change that it removed internal API access log.
* Fix captcha (#14488)Lunny Xiao2021-01-274-46/+18
| | | | Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix switch language (#14484)Lunny Xiao2021-01-271-6/+4
| | | | Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix: url.Values map was not initialized (#14485)PhilAtWysdom2021-01-271-0/+3
| | | | | Values map was not initialized, leading to error 500 on submission of initial configuration Co-authored-by: 6543 <6543@obermui.de>
* [Feature] add precise search type for Elastic Search (#12869)Jui-Nan Lin2021-01-277-15/+36
| | | | | | | | * feat: add type query parameters for specifying precise search * feat: add select dropdown in search box Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Cron job to cleanup hook_task table (#13080)Brad Albright2021-01-262-0/+25
| | | | | | | | | Close **Prune hook_task Table (#10741)** Added a cron job to delete webhook deliveries in the hook_task table. It can be turned on/off and the schedule controlled globally via app.ini. The data can be deleted by either the age of the delivery which is the default or by deleting the all but the most recent deliveries _per webhook_. Note: I had previously submitted pr #11416 but I closed it when I realized that I had deleted per repository instead of per webhook. Also, I decided allowing the settings to be overridden via the ui was overkill. Also this version allows the deletion by age which is probably what most people would want.
* Move macaron to chi (#14293)Lunny Xiao2021-01-2654-1368/+2799
| | | | | | | | | | | | | | | | | | | | | | | | | | | Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
* Fix incorrect key name so registerManualConfirm setting works as expected. ↵Dofri Jónsson2021-01-261-1/+1
| | | | (#14455)
* Redirect on changed user and org name (#11649)Andrew Bezold2021-01-243-5/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add redirect for user * Add redirect for orgs * Add user redirect test * Appease linter * Add comment to DeleteUserRedirect function * Fix locale changes * Fix GetUserByParams * Fix orgAssignment * Remove debug logging * Add redirect prompt * Dont Export DeleteUserRedirect & only use it within a session * Unexport newUserRedirect * cleanup * Fix & Dedub API code * Format Template * Add Migration & rm dublicat * Refactor: unexport newRepoRedirect() & rm dedub del exec * if this fails we'll need to re-rename the user directory Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* just overload to not get it by mistake again ... (#14440)65432021-01-231-0/+5
|
* Enhance Ghost comment mitigation Settings (#14392)65432021-01-211-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | * refactor models.DeleteComment and delete related reactions too * use deleteComment for UserDeleteWithCommentsMaxDays in DeleteUser * nits * Use time.Duration as other time settings have * docs * Resolve Fixme & fix potential deadlock * Disabled by Default * Update Config Value Description * switch args * Update models/issue_comment.go Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
* Add support to migrate from gogs (#14342)65432021-01-2116-298/+861
| | | | | | | | | | | | | Add support to migrate gogs: * issues * comments * labels * milestones * wiki Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Display current stopwatch in navbar (#14122)Norwin2021-01-212-0/+4
| | | | | | | | | | | | | | | | | * add notification about running stopwatch to header * serialize seconds, duration in stopwatches api * ajax update stopwatch i should get my testenv working locally... * new variant: hover dialog * noscript compatibility * js: live-update stopwatch time * js live update robustness
* Add support for ed25519_sk and ecdsa_sk SSH keys (#13462)Artemis Tosini2021-01-201-1/+1
| | | | | | | | | | | | | | * Add support for ed25519_sk and ecdsa_sk SSH keys These start with sk-ssh-ed25519@openssh.com and sk-ecdsa-sha2-nistp256@openssh.com. They are supported in recent versions of go x/crypto/ssh and OpenSSH 8.2 or higher. * skip ssh-keygen Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Prevent panic on fuzzer provided string (#14405)zeripath2021-01-202-10/+53
| | | | | | | | | | | | | | | | | | | * Prevent panic on fuzzer provided string The fuzzer has found that providing a <body> tag with an attribute to PostProcess causes a panic. This PR removes any rendered html or body tags from the output. Signed-off-by: Andrew Thornton <art27@cantab.net> * Placate lint * placate lint again Signed-off-by: Andrew Thornton <art27@cantab.net> * minor cleanup Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix log http status is always zero (#14400)Lunny Xiao2021-01-191-0/+62
| | | | | | | * Fix log http status is always zero * Fix lint Co-authored-by: 6543 <6543@obermui.de>
* Add pager to the branches page (#14202)Chester Liu2021-01-192-0/+10
| | | | | | | | | | | * Add pager to the branches page * override pageSize if bigger than max * Make branches commit range configurable Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: silverwind <me@silverwind.io>
* Check if label template exist first (#14384)65432021-01-182-9/+22
| | | | | | | * add check * refactor * rollback repo on error after session closed
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-31 03:16:30 +0000