summaryrefslogtreecommitdiffstats
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
* Extract constant names out for the ReverseProxy and Basic authentication ↵zeripath2021-11-202-2/+2
| | | | | | | | | methods (#17735) In order to reduce load on the GC extract out the constant names of the Basic and ReverseProxy methods. As mentioned in https://github.com/go-gitea/gitea/pull/15119#discussion_r730352176 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Enable show more files in diff for git <2.31 (#17733)zeripath2021-11-201-1/+1
| | | | | | | | | | | | | Unfortunately due to a misread on my behalf I missed that git diff only learned --skip-to in version 2.31.0. Thus this functionality was not working on older versions of git. This PR adds a handler that simply allows for us to skip reading the diffs until we find the correct file to skip to. Fix #17731 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Use `hostmatcher` to replace `matchlist`, improve security (#17605)wxiaoguang2021-11-2010-140/+247
| | | | | Use hostmacher to replace matchlist. And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
* Make SSL cipher suite configurable (#17440)zeripath2021-11-203-44/+11
|
* Fix correct usage of teams (#17732)Gusted2021-11-201-0/+6
| | | | | | | - `.Teams` isn't a field on the User type, thus using the seperate loaded teams. - Add a space between `PathEscape` and argument. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Better builtin avatar generator (#17707)wxiaoguang2021-11-207-17/+1109
| | | | | | | This PR fixes the builtin avatar generator. 1. The random background color makes some images very dirty. So now we only use white background for avatars. 2. We use left-right mirror avatars to satisfy #14799 3. Fix a small padding error in the algorithm
* Add settings to allow different SMTP envelope from address (#17479)zeripath2021-11-191-7/+25
| | | | | | | | | | | * Add settings to allow different SMTP envelope from address Sometimes it may be advisable to hide or alias the from address on an SMTP mail envelope. This PR adds two new options to the mailer to allow setting of an overriding from address. Fix #17477 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move attachment into models/repo/ (#17650)Lunny Xiao2021-11-193-5/+7
| | | | | | | * Move attachment into models/repo/ * Fix test * Fix bug
* Use a standalone struct name for Organization (#17632)Lunny Xiao2021-11-195-21/+16
| | | | | | | | | | | | | | | | | | | | | * Use a standalone struct name for Organization * recover unnecessary change * make the code readable * Fix template failure * Fix template failure * Move HasMemberWithUserID to org * Fix test * Remove unnecessary user type check * Fix test Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Prevent double sanitize (#16386)KN4CK3R2021-11-193-64/+48
| | | | | | | | * Prevent double sanitize. * Use SanitizeReaderToWriter. At the moment `actualRender` uses `SanitizeReader` to sanitize the output. But `SanitizeReader` gets called in `markup.render` too so the output gets sanitized twice. I moved the `SanitizeReader` call into `RenderRaw` because this method does not use `markup.render`. I would like to remove the `RenderRaw`/`RenderRawString` methods too because they are only called from tests, the fuzzer and the `/markup/raw` api endpoint. This endpoint is not in use so I think we could remove them. If we really in the future need a method to render markdown without PostProcessing we could achieve this with a more flexible `renderer.NeedPostProcess` method.
* Prevent deadlock in TestPersistableChannelQueue (#17717)zeripath2021-11-191-0/+33
| | | | | | | | | | | | * Prevent deadlock in TestPersistableChannelQueue There is a potential deadlock in TestPersistableChannelQueue due to attempting to shutdown the test queue before it is ready. Signed-off-by: Andrew Thornton <art27@cantab.net> * prevent npe Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move user/org deletion to services (#17673)KN4CK3R2021-11-191-1/+2
|
* Simplify code for wrting SHA to name-rev (#17696)Gusted2021-11-181-17/+8
|
* Move task from modules to services (#17680)Lunny Xiao2021-11-182-273/+0
|
* Move user functions into user.go (#17659)Lunny Xiao2021-11-181-6/+7
| | | | | * Move user functions into user.go * Fix test
* Remove unnecessary variable assignments (#17695)Gusted2021-11-183-6/+2
| | | | | | | | | | * Remove unnecessary variable assignments As title * enable ineffassign Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fixed commit count. (#17698)KN4CK3R2021-11-171-7/+11
| | | | Added "Tag" label. Unified branch, tag and commit name.
* Add .gitattribute assisted language detection to blame, diff and render (#17590)zeripath2021-11-178-71/+134
| | | | | | | Use check attribute code to check the assigned language of a file and send that in to chroma as a hint for the language of the file. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move some functions into services/repository (#17677)Lunny Xiao2021-11-174-314/+0
|
* A better go code formatter, and now `make fmt` can run in Windows (#17684)wxiaoguang2021-11-1723-10/+21
| | | | * go build / format tools * re-format imports
* Fix bug when read mysql database max lifetime (#17682)Lunny Xiao2021-11-171-2/+2
|
* Multiple Escaping Improvements (#17551)zeripath2021-11-1613-50/+71
| | | | | | | | | | | | | | There are multiple places where Gitea does not properly escape URLs that it is building and there are multiple places where it builds urls when there is already a simpler function available to use this. This is an extensive PR attempting to fix these issues. 1. The first commit in this PR looks through all href, src and links in the Gitea codebase and has attempted to catch all the places where there is potentially incomplete escaping. 2. Whilst doing this we will prefer to use functions that create URLs over recreating them by hand. 3. All uses of strings should be directly escaped - even if they are not currently expected to contain escaping characters. The main benefit to doing this will be that we can consider relaxing the constraints on user names and reponames in future. 4. The next commit looks at escaping in the wiki and re-considers the urls that are used there. Using the improved escaping here wiki files containing '/'. (This implementation will currently still place all of the wiki files the root directory of the repo but this would not be difficult to change.) 5. The title generation in feeds is now properly escaped. 6. EscapePound is no longer needed - urls should be PathEscaped / QueryEscaped as necessary but then re-escaped with Escape when creating html with locales Signed-off-by: Andrew Thornton <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move migrations into services and base into modules/migration (#17663)Lunny Xiao2021-11-1640-7622/+20
| | | | | | | * Move migrtions into services and base into modules/migration * Fix imports * Fix lint
* Move some functions into services/repository (#17660)Lunny Xiao2021-11-1610-1258/+0
|
* Decouple unit test, remove intermediate `unittestbridge` package (#17662)wxiaoguang2021-11-1613-135/+79
| | | Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add copy button to markdown code blocks (#17638)silverwind2021-11-162-13/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add copy button to markdown code blocks Done mostly in JS because I think it's better not to try getting buttons past the markup sanitizer. * add svg module tests * fix sanitizer regexp * remove outdated comment * vertically center button in issue comments as well * add comment to css * fix undefined on view file line copy * combine animation less files * Update modules/markup/markdown/markdown.go Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> * add test for different sizes * add cloneNode and add tests for it * use deep clone * remove useless optional chaining * remove the svg node cache * unify clipboard copy string and i18n * remove unused var * remove unused localization * minor css tweaks to the button * comment tweak * remove useless attribute Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix nil checking on typed interface (#17598)Gusted2021-11-153-7/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | * Fix nil checking on typed interface - Partially resoles #17596 - Resolves SA4023 errors. - Ensure correctly that typed interface are nil. * Remove unnecessary code `NewBleveIndexer` will never return nil, even on errors. * Patch `NewBleveIndexer` * Fix low-level functions * Remove deadcode * Fix GetSession * Close Elastic search when err isn't nil * Update elastic_search.go Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Remove unnecassary calls to `filepath.Join` (#17608)Gusted2021-11-151-1/+1
| | | | | | | | | | | - Partialy resolvess #17596 - Resolves `badCall` errors from go-critic `badCall: suspicious Join on 1 argument` - When only 1 argument is passed into `filepath.Join`, it won't do anything special other than `filepath.Clean(...)` will be applied over it. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
* Add migration from GitBucket (#16767)KN4CK3R2021-11-144-106/+195
| | | | | | | | | | | | | This PR adds [GitBucket](https://gitbucket.github.io/) as migration source. Supported: - Milestones - Issues - Pull Requests - Comments - Reviews - Labels There is no public usable instance so no integration tests added.
* Correctly handle failed migrations (#17575)zeripath2021-11-132-3/+6
| | | | | | | | | | | | | | * Correctly handle failed migrations There is a bug in handling failed migrations whereby the migration task gets decoupled from the migration repository. This leads to a failure of the task to get deleted with the repository and also leads to the migration failed page resulting in a ISE. This PR removes the zeroing out of the task id from the migration but also makes the migration handler tolerate missing tasks much nicer. Fix #17571 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Decouple unit test code from business code (#17623)wxiaoguang2021-11-1226-57/+119
|
* Move EmailAddress & UserRedirect into models/user/ (#17607)Lunny Xiao2021-11-112-4/+6
| | | | | | | | | | | | | | | | | | | | | * Move EmailAddress into models/user/ * Fix test * rename user_mail to user_email * Fix test * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint
* Move webhook into models/webhook/ (#17579)Lunny Xiao2021-11-107-53/+58
|
* Move unit into models/unit/ (#17576)Lunny Xiao2021-11-097-43/+49
| | | | | * Move unit into models/unit/ * Rename unit.UnitType as unit.Type
* Avoid double imports (#17569)Gusted2021-11-082-5/+3
| | | | | Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix bug on admin subcommand (#17533)Lunny Xiao2021-11-071-4/+5
| | | | | | | * Fix bug on admin subcommand * Add signals for all initDB Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix ipv6 parsing for builtin ssh server (#17561)Wim2021-11-061-1/+2
|
* Use correct defaultValue for stracktrace (#17552)Gusted2021-11-051-1/+1
|
* Fix zero created time bug on commit api (#17546)Lunny Xiao2021-11-051-4/+6
| | | Fix #17543
* Add QueryEscape to general funcmap (#17526)zeripath2021-11-021-0/+1
| | | | | | QueryEscape was only added to the text funcmap. Add this to the main template funcmap too. Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix email with + when active (#17518)Lunny Xiao2021-11-021-0/+1
| | | Co-authored-by: zeripath <art27@cantab.net>
* Make Repo Code Indexer an Unique Queue (#17515)zeripath2021-11-022-24/+12
| | | | | | | The functioning of the code indexer queue really only makes sense as an unique queue and doing this allows use to simplify the indexer data to simply delete the data if the repo is no longer in the db. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Only allow webhook to send requests to allowed hosts (#17482)wxiaoguang2021-11-015-19/+244
|
* Properly determine CSV delimiter (#17459)Richard Mahn2021-10-303-86/+633
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fixes #16558 CSV delimiter determiner * Fixes #16558 - properly determine CSV delmiiter * Moves quoteString to a new function * Adds big test with lots of commas for tab delimited csv * Adds comments * Shortens the text of the test * Removes single quotes from regexp as only double quotes need to be searched * Fixes spelling * Fixes check of length as it probalby will only be 1e4, not greater * Makes sample size a const, properly removes truncated line * Makes sample size a const, properly removes truncated line * Fixes comment * Fixes comment * tests for FormatError() function * Adds logic to find the limiter before or after a quoted value * Simplifies regex * Error tests * Error tests * Update modules/csv/csv.go Co-authored-by: delvh <dev.lh@web.de> * Update modules/csv/csv.go Co-authored-by: delvh <dev.lh@web.de> * Adds comments * Update modules/csv/csv.go Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de>
* Rename db Engines related functions (#17481)Lunny Xiao2021-10-303-4/+4
| | | | | * Rename db Engines related functions Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Ensure that restricted users can access repos for which they are members ↵zeripath2021-10-281-1/+1
| | | | | | | | | | | | | | | | | (#17460) There is a small bug in the way that repo access is checked in repoAssignment: Accessibility is checked by checking if the user has a marked access to the repository instead of checking if the user has any team granted access. This PR changes this permissions check to use HasAccess() which does the correct test. There is also a fix in the release api ListReleases where it should return draft releases if the user is a member of a team with write access to the releases. The PR also adds a testcase. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fixes #16559 - Do not trim leading spaces for tab delimited (#17442)Richard Mahn2021-10-262-8/+53
| | | | | | | | | | | * Fixes #16559 - Do not trim leading spaces for tab delimited * Adds back semicolon delimited test * Fixes linting * Adds nolint directive to test because uses strings starting with spaces Co-authored-by: zeripath <art27@cantab.net>
* Upgrade go-github to v39 (#17437)Lunny Xiao2021-10-262-2/+2
|
* In many cases user avatar link should be an absolute URL with http host (#17420)wxiaoguang2021-10-251-0/+1
|
* Add API to get/edit wiki (#17278)qwerty2872021-10-252-0/+107
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add API to get/edit wiki * Add swagger docs, various improvements * fmt * Fix lint and rm comment * Add page parameter * Add pagination to pages * Add tests * fmt * Update func names * Update error handling * Update type name * Fix lint * Don't delete Home * Update func name * Update routers/api/v1/repo/wiki.go Co-authored-by: delvh <dev.lh@web.de> * Remove unnecessary check * Fix lint * Use English strings * Update integrations/api_wiki_test.go Co-authored-by: delvh <dev.lh@web.de> * Update func and test names * Remove unsed check and avoid duplicated error reports * Improve error handling * Return after error * Document 404 error * Update swagger * Fix lint * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * Document file encoding * fmt * Apply suggestions * Use convert * Fix integration test * simplify permissions * unify duplicate key Title/Name * improve types & return UTC timestamps * improve types pt.2 - add WikiPageMetaData.LastCommit - add WikiPageMetaData.HTMLURL - replace WikiPageMetaData.Updated with .LastCommit.Committer.Created also delete convert.ToWikiPage(), as it received too many arguments and only had one callsite anyway. sorry for bad advice earlier 🙃 * WikiPage.Content is base64 encoded * simplify error handling in wikiContentsByName() * update swagger * fix & DRY findWikiRepoCommit() error handling ListWikiPages() previously wrote error twice when repo wiki didn't exist * rename Content -> ContentBase64 * Fix test * Fix tests * Update var name * suburl -> sub_url Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Norwin <git@nroo.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>