aboutsummaryrefslogtreecommitdiffstats
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
* Prevent hang in git cat-file if repository is not a valid repository and ↵zeripath2021-12-165-1/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | other fixes (#17991) This PR contains multiple fixes. The most important of which is: * Prevent hang in git cat-file if the repository is not a valid repository Unfortunately it appears that if git cat-file is run in an invalid repository it will hang until stdin is closed. This will result in deadlocked /pulls pages and dangling git cat-file calls if a broken repository is tried to be reviewed or pulls exists for a broken repository. Fix #14734 Fix #9271 Fix #16113 Otherwise there are a few small other fixes included which this PR was initially intending to fix: * Fix panic on partial compares due to missing PullRequestWorkInProgressPrefixes * Fix links on pulls pages due to regression from #17551 - by making most /issues routes match /pulls too - Fix #17983 * Fix links on feeds pages due to another regression from #17551 but also fix issue with syncing tags - Fix #17943 * Add missing locale entries for oauth group claims * Prevent NPEs if ColorFormat is called on nil users, repos or teams.
* Prevent double decoding of % in url params (#17997)zeripath2021-12-161-0/+4
| | | | | | | | | | | | | | There was an unfortunate regression in #14293 which has led to the double decoding of url parameter elements if they contain a '%'. This is due to an issue with the way chi decodes its RoutePath. In detail the problem lies in mux.go where the routeHTTP path uses the URL.RawPath or even the URL.Path instead of the escaped path to do routing. This PR simply forcibly sets the routePath to that of the EscapedPath. Fix #17938 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Make AvatarRenderedSizeFactor configurable and set it to 3 (#17951)silverwind2021-12-164-13/+17
| | | | | | | | | | | | Save a bit of bandwidth by only requesting 3-times the rendered avatar size. Factor 4 is only really beneficial on a handful of mobile phones and I don't think they are the primary device we design for. Configurability contributed by zeripath. Fixes: https://github.com/go-gitea/gitea/pull/17422 Fixes: https://github.com/go-gitea/gitea/issues/16287 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fixed emoji alias not parsed in links (#16221)KN4CK3R2021-12-152-9/+16
| | | | | | | | * Do not skip links. * Restrict text in links to emojis. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* Refactor HTTP request context (#17979)wxiaoguang2021-12-154-109/+70
|
* Add missing `X-Total-Count` and fix some related bugs (#17968)qwerty2872021-12-154-4/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add missing `X-Total-Count` and fix some related bugs Adds `X-Total-Count` header to APIs that return a list but doesn't have it yet. Fixed bugs: * not returned after reporting error (https://github.com/qwerty287/gitea/blob/39eb82446c6fe5da3d79124e1f701f3795625b69/routers/api/v1/user/star.go#L70) * crash with index out of bounds, API issue/issueSubscriptions I also found various endpoints that return lists but do not apply/support pagination yet: ``` /repos/{owner}/{repo}/issues/{index}/labels /repos/{owner}/{repo}/issues/comments/{id}/reactions /repos/{owner}/{repo}/branch_protections /repos/{owner}/{repo}/contents /repos/{owner}/{repo}/hooks/git /repos/{owner}/{repo}/issue_templates /repos/{owner}/{repo}/releases/{id}/assets /repos/{owner}/{repo}/reviewers /repos/{owner}/{repo}/teams /user/emails /users/{username}/heatmap ``` If this is not expected, an new issue should be opened. Closes #13043 * fmt * Update routers/api/v1/repo/issue_subscription.go Co-authored-by: KN4CK3R <admin@oldschoolhack.me> * Use FindAndCount Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: 6543 <6543@obermui.de>
* Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along ↵zeripath2021-12-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | with Setting Scopes (#16766) * Add setting to OAuth handlers to override local 2FA settings This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix regression from #16544 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add scopes settings Signed-off-by: Andrew Thornton <art27@cantab.net> * fix trace logging in auth_openid Signed-off-by: Andrew Thornton <art27@cantab.net> * add required claim options Signed-off-by: Andrew Thornton <art27@cantab.net> * Move UpdateExternalUser to externalaccount Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow OAuth2/OIDC to set Admin/Restricted status Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow use of the same group claim name for the prohibit login value Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Move UpdateExternalUser to externalaccount * as per wxiaoguang Signed-off-by: Andrew Thornton <art27@cantab.net> * add label back in Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust localisation Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Improve behavior of "Fork" button (#17288)qwerty2872021-12-131-2/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Improbe behaviour of fork button * Apply suggestions from code review * Remove old lines * Apply suggestions * Fix test * Remove unnecessary or * Update templates/repo/header.tmpl Co-authored-by: silverwind <me@silverwind.io> * Add comment * Fix situation if you can't fork but don't have forks * Fix lint * Apply changes from #17783 * fmt * fmt * Apply tweaks Co-authored by: silverwind <me@silverwind.io> * Rm dupl css * Fix build Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Some repository refactors (#17950)Lunny Xiao2021-12-127-54/+12
| | | | | | | | | * some repository refactors * remove unnecessary code * Fix test * Remove unnecessary banner
* Fix markdown URL parsing (#17924)wxiaoguang2021-12-113-75/+127
| | | | Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* Move keys to models/asymkey (#17917)Lunny Xiao2021-12-107-26/+32
| | | | | | | | | | | | | | | | | | | * Move keys to models/keys * Rename models/keys -> models/asymkey * change the missed package name * Fix package alias * Fix test * Fix docs * Fix test * Fix test * merge
* Move repository model into models/repo (#17933)Lunny Xiao2021-12-1047-265/+335
| | | | | | | | | | | | | | | * Some refactors related repository model * Move more methods out of repository * Move repository into models/repo * Fix test * Fix test * some improvements * Remove unnecessary function
* Fix a panic in NotifyCreateIssueComment (caused by string truncation) (#17928)wxiaoguang2021-12-093-16/+104
| | | | | | | | | | | * Fix a panic in NotifyCreateIssueComment (caused by string truncation) * more unit tests * refactor * fix some edge cases * use SplitStringAtByteN for comment content
* Improve checkBranchName (#17901)zeripath2021-12-085-24/+75
| | | | | | | | | | | | The current implementation of checkBranchName is highly inefficient involving opening the repository, the listing all of the branch names checking them individually before then using using opened repo to get the tags. This PR avoids this by simply walking the references from show-ref instead of opening the repository (in the nogogit case). Signed-off-by: Andrew Thornton <art27@cantab.net>
* allways set a message-id on mails (#17900)Garionion2021-12-081-5/+11
| | | | | | | * allways set a message-id on mails * Add unit tests for mailer & Message-ID Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor install page (db type) (#17919)wxiaoguang2021-12-072-9/+5
| | | | | | | | | | | | * Refactor install page (db type) * set correct default DB HOST for different DB TYPE * remove legacy TiDB from documents * unify the usage of DB TYPE, in code we only use "mysql". "MySQL" is only shown to users for friendly name. * Gitea can use TiDB via MySQL protocol Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Replace "unix" by "http+unix" for PROTOCOL (#17771)mscherer2021-12-052-20/+19
|
* Test cache during init (#17852)wxiaoguang2021-12-061-0/+15
|
* Removed SizeFmt. (#17890)KN4CK3R2021-12-031-1/+0
| | | Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add migrate from Codebase (#16768)KN4CK3R2021-12-021-0/+4
| | | | | | | | | | This PR adds [Codebase](https://www.codebasehq.com/) as migration source. Supported: - Milestones - Issues - Pull Requests - Comments - Labels
* Use fmt.Sprintf correctly (#17886)delvh2021-12-022-2/+2
|
* Refactor various strings (#17784)mscherer2021-12-028-19/+30
| | | | | | | | Fixes #16478 Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Improve install code to avoid low-level mistakes. (#17779)wxiaoguang2021-12-016-50/+144
| | | | | | | | | | | | | | * Improve install code to avoid low-level mistakes. If a user tries to do a re-install in a Gitea database, they gets a warning and double check. When Gitea runs, it never create empty app.ini automatically. Also some small (related) refactoring: * Refactor db.InitEngine related logic make it more clean (especially for the install code) * Move some i18n strings out from setting.go to make the setting.go can be easily maintained. * Show errors in CLI code if an incorrect app.ini is used. * APP_DATA_PATH is created when installing, and checked when starting (no empty directory is created any more).
* Make Requests Processes and create process hierarchy. Associate ↵zeripath2021-11-3041-224/+503
| | | | | | | | | OpenRepository with context. (#17125) This PR registers requests with the process manager and manages hierarchy within the processes. Git repos are then associated with a context, (usually the request's context) - with sub commands using this context as their base context. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Make Co-committed-by and co-authored-by trailers optional (#17848)zeripath2021-11-291-0/+3
| | | | | | | | This PR adds another option to app.ini make co-committed-by and co-authored-by trailers optional on a per server basis. Fix #17194 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move accessmode into models/perm (#17828)Lunny Xiao2021-11-2810-34/+43
|
* Handle relative unix socket paths (#17836)zeripath2021-11-271-3/+10
| | | | | | | | | | | | Make relative unix sockets absolute by making them absolute against the AppWorkPath Fix #17833 ## :warning: BREAKING :warning: Prior to this PR relative unix sockets would have been asserted to be relative to the current working directory that gitea, gitea serv, hook and manager etc were running in. Hooks and Serv would have failed to work properly under this situation so we expect that although this is a technically breaking change the previous situation was already broken. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Replace regex usage for MIME parsing (#17831)Gabriel Vasile2021-11-271-2/+6
| | | | | | | MIME types can have multiple optional parameters, eg: video/webm; codecs="w/e codec"; charset="binary" This commit replaces the usage of regex for getting the "type/subtype" with mime.ParseMediaType.
* Use correct user on releases (#17806)Gusted2021-11-251-2/+2
| | | | | | | - Use the provided `doer` instead of `rel.Publisher`. The code will also run on edited releases and deleted ones, which isn't necessary done by `rel.Publisher`. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Move user related model into models/user (#17781)Lunny Xiao2021-11-2433-291/+363
| | | | | | | | | | | | | * Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
* Use `*PushUpdateOptions` as receiver (#17724)Gusted2021-11-241-14/+14
|
* Move repofiles from modules/repofiles to services/repository/files (#17774)Lunny Xiao2021-11-2422-2716/+8
| | | | | | | | | * Move repofiles from modules to services * rename services/repository/repofiles -> services/repository/files * Fix test Co-authored-by: 6543 <6543@obermui.de>
* Fix visibility of org avatars (#17789)qwerty2872021-11-241-7/+13
| | | | | | | * Fix visibility of org avatar * more clear syntax Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Use correct Sender on webhook change title (#17791)Gusted2021-11-241-1/+1
| | | As title, thanks to @mscherer for pointing out the incorrect code.
* More pleasantly handle broken or missing git repositories (#17747)zeripath2021-11-221-1/+33
| | | | | | | | | | | | | | | | | | | | | | * More pleasantly handle broken or missing git repositories In #17742 it was noted that there a completely invalid git repository underlying a repo on gitea.com. This happened due to a problem during a migration however, it is not beyond the realms of possibility that a corruption could occur to another user. This PR adds a check to RepoAssignment that will detect if a repository loading has failed due to an absent git repository. It will then show a page suggesting the user contacts the administrator or deletes the repository. Fix #17742 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update options/locale/locale_en-US.ini Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Remove unnecessary attributes of User struct (#17745)Lunny Xiao2021-11-222-3/+8
| | | | | | | | | | | | | | | * Remove unnecessary functions of User struct * Move more database methods out of user struct * Move more database methods out of user struct * Fix template failure * Fix bug * Remove finished FIXME * remove unnecessary code
* Add user settings key/value DB table (#16834)techknowlogick2021-11-221-1/+1
|
* Fix close issue but time watcher still running (#17643)Lunny Xiao2021-11-212-517/+0
| | | | | | | | | | | | | * Fix close issue but time watcher still running * refactor stopwatch codes * Fix test * Fix test * Fix typo * Fix test
* Reset locale on login (#17734)zeripath2021-11-202-0/+6
| | | | | | | | | When logging in reset the user's locale to ensure that it matches their preferred locale. Fix #15612 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Extract constant names out for the ReverseProxy and Basic authentication ↵zeripath2021-11-202-2/+2
| | | | | | | | | methods (#17735) In order to reduce load on the GC extract out the constant names of the Basic and ReverseProxy methods. As mentioned in https://github.com/go-gitea/gitea/pull/15119#discussion_r730352176 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Enable show more files in diff for git <2.31 (#17733)zeripath2021-11-201-1/+1
| | | | | | | | | | | | | Unfortunately due to a misread on my behalf I missed that git diff only learned --skip-to in version 2.31.0. Thus this functionality was not working on older versions of git. This PR adds a handler that simply allows for us to skip reading the diffs until we find the correct file to skip to. Fix #17731 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Use `hostmatcher` to replace `matchlist`, improve security (#17605)wxiaoguang2021-11-2010-140/+247
| | | | | Use hostmacher to replace matchlist. And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
* Make SSL cipher suite configurable (#17440)zeripath2021-11-203-44/+11
|
* Fix correct usage of teams (#17732)Gusted2021-11-201-0/+6
| | | | | | | - `.Teams` isn't a field on the User type, thus using the seperate loaded teams. - Add a space between `PathEscape` and argument. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Better builtin avatar generator (#17707)wxiaoguang2021-11-207-17/+1109
| | | | | | | This PR fixes the builtin avatar generator. 1. The random background color makes some images very dirty. So now we only use white background for avatars. 2. We use left-right mirror avatars to satisfy #14799 3. Fix a small padding error in the algorithm
* Add settings to allow different SMTP envelope from address (#17479)zeripath2021-11-191-7/+25
| | | | | | | | | | | * Add settings to allow different SMTP envelope from address Sometimes it may be advisable to hide or alias the from address on an SMTP mail envelope. This PR adds two new options to the mailer to allow setting of an overriding from address. Fix #17477 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move attachment into models/repo/ (#17650)Lunny Xiao2021-11-193-5/+7
| | | | | | | * Move attachment into models/repo/ * Fix test * Fix bug
* Use a standalone struct name for Organization (#17632)Lunny Xiao2021-11-195-21/+16
| | | | | | | | | | | | | | | | | | | | | * Use a standalone struct name for Organization * recover unnecessary change * make the code readable * Fix template failure * Fix template failure * Move HasMemberWithUserID to org * Fix test * Remove unnecessary user type check * Fix test Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Prevent double sanitize (#16386)KN4CK3R2021-11-193-64/+48
| | | | | | | | * Prevent double sanitize. * Use SanitizeReaderToWriter. At the moment `actualRender` uses `SanitizeReader` to sanitize the output. But `SanitizeReader` gets called in `markup.render` too so the output gets sanitized twice. I moved the `SanitizeReader` call into `RenderRaw` because this method does not use `markup.render`. I would like to remove the `RenderRaw`/`RenderRawString` methods too because they are only called from tests, the fuzzer and the `/markup/raw` api endpoint. This endpoint is not in use so I think we could remove them. If we really in the future need a method to render markdown without PostProcessing we could achieve this with a more flexible `renderer.NeedPostProcess` method.
* Prevent deadlock in TestPersistableChannelQueue (#17717)zeripath2021-11-191-0/+33
| | | | | | | | | | | | * Prevent deadlock in TestPersistableChannelQueue There is a potential deadlock in TestPersistableChannelQueue due to attempting to shutdown the test queue before it is ready. Signed-off-by: Andrew Thornton <art27@cantab.net> * prevent npe Signed-off-by: Andrew Thornton <art27@cantab.net>