aboutsummaryrefslogtreecommitdiffstats
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
* Move more functions to db.Find (#28419)Lunny Xiao2024-01-152-3/+6
| | | | | | | | | Following #28220 This PR move more functions to use `db.Find`. --------- Co-authored-by: delvh <dev.lh@web.de>
* Warn that `DISABLE_QUERY_AUTH_TOKEN` is false only if it's explicitly ↵Yarden Shoham2024-01-141-1/+4
| | | | | | | | | | defined (#28783) So we don't warn on default behavior - Fixes https://github.com/go-gitea/gitea/issues/28758 - Follows https://github.com/go-gitea/gitea/pull/28390 Signed-off-by: Yarden Shoham <git@yardenshoham.com>
* Fix schedule tasks bugs (#28691)Lunny Xiao2024-01-124-10/+26
| | | | | | | | | | | | | | | | Fix #28157 This PR fix the possible bugs about actions schedule. ## The Changes - Move `UpdateRepositoryUnit` and `SetRepoDefaultBranch` from models to service layer - Remove schedules plan from database and cancel waiting & running schedules tasks in this repository when actions unit has been disabled or global disabled. - Remove schedules plan from database and cancel waiting & running schedules tasks in this repository when default branch changed.
* Support for grouping RPMs using paths (#26984)Exploding Dragon2024-01-122-2/+6
| | | | | | | | | | | | The current rpm repository places all packages in the same repository, and different systems (el7,f34) may hit packages that do not belong to this distribution ( #25304 ) , which now supports grouping of rpm. ![图片](https://github.com/go-gitea/gitea/assets/33776693/d1e1d99f-7799-4b2b-a19b-cb2a5c692914) Fixes #25304 . Fixes #27056 . Refactor: [#25866](https://github.com/go-gitea/gitea/pull/25866)
* Show description as tooltip instead of title for labels (#28754)delvh2024-01-121-2/+2
| | | | | | | | | | | | | Follow GitHubs behavior of showing the label description as a tooltip instead of the browser native title. ## Before ![grafik](https://github.com/go-gitea/gitea/assets/51889757/70448327-467b-4bee-b799-40a442a5ce16) ## After ![grafik](https://github.com/go-gitea/gitea/assets/51889757/abe7d700-148b-4cef-a487-6b0f8f20b212)
* Integration Test for Commit Search containing Square Brackets (#28751)Mihir Joshi2024-01-111-1/+1
| | | | | | Integration test for #28744 Change keywords commit search flag from `-F` to `--fixed-strings` for readability
* Add -F to commit search to treat keywords as strings (#28744)Mihir Joshi2024-01-101-0/+3
| | | | | | | | | | | | | Fixes #28269 The [default behavior](https://git-scm.com/docs/git-log#Documentation/git-log.txt---basic-regexp) of --grep in git log is to interpret the keyword as a regular expression. This causes the search to fail in the cases where the search keyword contains a `[`, since `[` is a special character used in grep. If we want our keywords to be interpreted as 'strings', we should use [-F flag](https://git-scm.com/docs/git-log#Documentation/git-log.txt---basic-regexp).
* Recommend/convert to use case-sensitive collation for MySQL/MSSQL (#28662)wxiaoguang2024-01-101-3/+4
| | | | | | | | | | | | | | | | | | Mainly for MySQL/MSSQL. It is important for Gitea to use case-sensitive database charset collation. If the database is using a case-insensitive collation, Gitea will show startup error/warning messages, and show the errors/warnings on the admin panel's Self-Check page. Make `gitea doctor convert` work for MySQL to convert the collations of database & tables & columns. * Fix #28131 ## :warning: BREAKING :warning: It is not quite breaking, but it's highly recommended to convert the database&table&column to a consistent and case-sensitive collation.
* Suggest to use Type=simple for systemd service (#28717)wxiaoguang2024-01-071-0/+3
| | | | Although the systemd notify support was added, it seems that there are some problems (#28553, for the "non-installed" instance)
* Fix panic when parsing empty pgsql host (#28708)wxiaoguang2024-01-062-1/+5
| | | | Regression of #27723 Fix #28705
* Normalize oauth email username (#28561)Kyle D2024-01-031-1/+1
|
* Make cross-reference issue links work in markdown documents again (#28682)Brecht Van Lommel2024-01-033-7/+18
| | | | | | | | | | In #26365 issue references were disabled entirely for documents, intending to match GitHub behavior. However cross-references do appear to work in documents on GitHub. This is useful for example to write release notes in a markdown document and reference issues. While the simpler syntax may create links when not intended, hopefully the cross-reference syntax is unique enough to avoid it.
* Make template `DateTime` show proper tooltip (#28677)wxiaoguang2024-01-022-16/+19
| | | | | | | | | | | | | | | | | There was a question about "how to improve the datetime display for SSH/PGP/WebAuthn" https://github.com/go-gitea/gitea/pull/28262#issuecomment-1831141611 The root problem is that `DateTime` misses the "data-tooltip-content" attribute, which should be used to make the tooltip popup smoothly. Now the UI is consistent and the end users could see the detailed hour/minute/second easily by hovering the element. ![image](https://github.com/go-gitea/gitea/assets/2114189/2211336f-d59d-4f64-a83b-099f8ef6d29b) ![image](https://github.com/go-gitea/gitea/assets/2114189/f02a9c86-476d-48d6-aece-85a800235fbd)
* Add global setting how timestamps should be rendered (#28657)Yarden Shoham2024-01-024-49/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | - Resolves https://github.com/go-gitea/gitea/issues/22493 - Related to https://github.com/go-gitea/gitea/issues/4520 Some admins prefer all timestamps to display the full date instead of relative time. They can do that now by setting ```ini [ui] PREFERRED_TIMESTAMP_TENSE = absolute ``` This setting is set to `mixed` by default, allowing dates to render as "5 hours ago". Here are some screenshots of the UI with this setting set to `absolute`: ![image](https://github.com/go-gitea/gitea/assets/20454870/f496457f-6afa-44be-a1e7-249ee5fe0706) ![image](https://github.com/go-gitea/gitea/assets/20454870/c03b14f5-063d-4e13-9780-76ab002d76a9) ![image](https://github.com/go-gitea/gitea/assets/20454870/f4b34e28-1546-4374-9199-c43348844edd) --------- Signed-off-by: Yarden Shoham <git@yardenshoham.com> Co-authored-by: delvh <dev.lh@web.de>
* Avoid cycle-redirecting user/login page (#28636)wxiaoguang2023-12-301-2/+1
| | | | Fix #28231, and remove some unused code. The `db.HasEngine` doesn't seem useful because the db engine is always initialized before web route.
* Refactor timeutil package (#28623)wxiaoguang2023-12-281-22/+12
| | | | | 1. make names more readable 2. remove unused FormatLong/FormatShort 3. use `FormatDate` instead of `Format "2006-01-02"`
* Refactor some legacy code and remove unused code (#28622)wxiaoguang2023-12-282-65/+0
| | | | | 1. use slices.Contains, remove Int64sContains 2. use HashEmail, remove base.EncodeMD5 3. remove BasicAuthEncode, IsLetter
* Do not set `Accept` header twice (#28598)KN4CK3R2023-12-281-4/+1
| | | | | Revert #28550 Don't add the `Accept` header twice.
* Refactor CORS handler (#28587)wxiaoguang2023-12-253-22/+8
| | | | | | | | | | | The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix #28515 Fix #27642 Fix #17098
* Make offline mode as default to no connect external avatar service by ↵Lunny Xiao2023-12-212-2/+3
| | | | | | | default (#28548) To keep user's privacy, make offline mode as true by default. Users can still change it from installation ui and app.ini
* Fix the issue ref rendering for wiki (#28556)wxiaoguang2023-12-201-1/+3
| | | | | | | | Fix #28526, regression of * #26365 (although the author of #26365 has recent activities, but there is no response for the regression, so I proposed this quick fix and keep the fix simple to make it easier to backport to 1.21)
* Add missing head of lfs client batch (#28550)Lunny Xiao2023-12-201-1/+4
| | | ref https://github.com/git-lfs/git-lfs/blob/main/docs/api/batch.md#git-lfs-batch-api
* Always enable caches (#28527)Lunny Xiao2023-12-194-29/+6
| | | | | | | | | Nowadays, cache will be used on almost everywhere of Gitea and it cannot be disabled, otherwise some features will become unaviable. Then I think we can just remove the option for cache enable. That means cache cannot be disabled. But of course, we can still use cache configuration to set how should Gitea use the cache.
* Improve ObjectFormat interface (#28496)Lunny Xiao2023-12-1931-153/+97
| | | | | | | | | | | | | | | | | | | | | | | The 4 functions are duplicated, especially as interface methods. I think we just need to keep `MustID` the only one and remove other 3. ``` MustID(b []byte) ObjectID MustIDFromString(s string) ObjectID NewID(b []byte) (ObjectID, error) NewIDFromString(s string) (ObjectID, error) ``` Introduced the new interfrace method `ComputeHash` which will replace the interface `HasherInterface`. Now we don't need to keep two interfaces. Reintroduced `git.NewIDFromString` and `git.MustIDFromString`. The new function will detect the hash length to decide which objectformat of it. If it's 40, then it's SHA1. If it's 64, then it's SHA256. This will be right if the commitID is a full one. So the parameter should be always a full commit id. @AdamMajer Please review.
* chore(api): support ignore password if login source type is LDAP for ↵Bo-Yi Wu2023-12-191-3/+2
| | | | | | | | | | | | creating user API (#28491) - Modify the `Password` field in `CreateUserOption` struct to remove the `Required` tag - Update the `v1_json.tmpl` template to include the `email` field and remove the `password` field --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
* Update go dependencies (#28518)wxiaoguang2023-12-191-1/+1
| | | | | Update golang.org/x/crypto for CVE-2023-48795 and update other packages. `go-git` is not updated because it needs time to figure out why some tests fail.
* Add orphaned topic consistency check (#28507)Earl Warren2023-12-181-0/+6
| | | | | | | | | | | - If a topic has zero repository count, it means that none of the repositories are using that topic, that would make them 'useless' to keep. One caveat is that if that topic is going to be used in the future, it will be added again to the database, but simply with a new ID. Refs: https://codeberg.org/forgejo/forgejo/pulls/1964 Co-authored-by: Gusted <postmaster@gusted.xyz>
* Add option to disable ambiguous unicode characters detection (#28454)wxiaoguang2023-12-1710-124/+85
| | | | | | | | * Close #24483 * Close #28123 * Close #23682 * Close #23149 (maybe more)
* Adjust object format interface (#28469)Lunny Xiao2023-12-1720-96/+90
| | | | | | | - Remove `ObjectFormatID` - Remove function `ObjectFormatFromID`. - Use `Sha1ObjectFormat` directly but not a pointer because it's an empty struct. - Store `ObjectFormatName` in `repository` struct
* Initalize stroage for orphaned repository doctor (#28487)Earl Warren2023-12-161-0/+5
| | | | | | | | | | - When a repository is orphaned and has objects stored in any of the storages such as repository avatar or attachments the delete function would error, because the storage module wasn't initalized. - Add code to initialize the storage module. Refs: https://codeberg.org/forgejo/forgejo/pulls/1954 Co-authored-by: Gusted <postmaster@gusted.xyz>
* Only use SHA256 feature when git >= 2.42 (#28466)wxiaoguang2023-12-144-12/+11
| | | And fix some comments
* Abstract hash function usage (#28138)Adam Majer2023-12-1370-448/+720
| | | | | | Refactor Hash interfaces and centralize hash function. This will allow easier introduction of different hash function later on. This forms the "no-op" part of the SHA256 enablement patch.
* Deprecate query string auth tokens (#28390)Jack Hay2023-12-121-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ## Changes - Add deprecation warning to `Token` and `AccessToken` authentication methods in swagger. - Add deprecation warning header to API response. Example: ``` HTTP/1.1 200 OK ... Warning: token and access_token API authentication is deprecated ... ``` - Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth tokens entirely. Default is `false` ## Next steps - `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and the methods should be removed in swagger - `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of the auth methods in question should be removed ## Open questions - Should there be further changes to the swagger documentation? Deprecation is not yet supported for security definitions (coming in [OpenAPI Spec version 3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506)) - Should the API router logger sanitize urls that use `token` or `access_token`? (This is obviously an insufficient solution on its own) --------- Co-authored-by: delvh <dev.lh@web.de>
* Improve doctor cli behavior (#28422)wxiaoguang2023-12-111-6/+10
| | | | | | 1. Do not sort the "checks" slice again and again when "Register", it just wastes CPU when the Gitea instance runs 2. If a check doesn't exist, tell the end user 3. Add some tests
* Second part of refactor `db.Find` (#28194)Lunny Xiao2023-12-112-9/+5
| | | Continue of #27798 and move more functions to `db.Find` and `db.Count`.
* Make gogit Repository.GetBranchNames consistent (#28348)Adam Majer2023-12-071-13/+28
|
* Remove GetByBean method because sometimes it's danger when query condition ↵Lunny Xiao2023-12-072-10/+13
| | | | | | | | | | | | | | | | | | | | parameter is zero and also introduce new generic methods (#28220) The function `GetByBean` has an obvious defect that when the fields are empty values, it will be ignored. Then users will get a wrong result which is possibly used to make a security problem. To avoid the possibility, this PR removed function `GetByBean` and all references. And some new generic functions have been introduced to be used. The recommand usage like below. ```go // if query an object according id obj, err := db.GetByID[Object](ctx, id) // query with other conditions obj, err := db.Get[Object](ctx, builder.Eq{"a": a, "b":b}) ```
* Include public repos in doer's dashboard for issue search (#28304)Jason Song2023-12-073-29/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It will fix #28268 . <img width="1313" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/cb1e07d5-7a12-4691-a054-8278ba255bfc"> <img width="1318" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/4fd60820-97f1-4c2c-a233-d3671a5039e9"> ## :warning: BREAKING :warning: But need to give up some features: <img width="1312" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/281c0d51-0e7d-473f-bbed-216e2f645610"> However, such abandonment may fix #28055 . ## Backgroud When the user switches the dashboard context to an org, it means they want to search issues in the repos that belong to the org. However, when they switch to themselves, it means all repos they can access because they may have created an issue in a public repo that they don't own. <img width="286" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/182dcd5b-1c20-4725-93af-96e8dfae5b97"> It's a confusing design. Think about this: What does "In your repositories" mean when the user switches to an org? Repos belong to the user or the org? Whatever, it has been broken by #26012 and its following PRs. After the PR, it searches for issues in repos that the dashboard context user owns or has been explicitly granted access to, so it causes #28268. ## How to fix it It's not really difficult to fix it. Just extend the repo scope to search issues when the dashboard context user is the doer. Since the user may create issues or be mentioned in any public repo, we can just set `AllPublic` to true, which is already supported by indexers. The DB condition will also support it in this PR. But the real difficulty is how to count the search results grouped by repos. It's something like "search issues with this keyword and those filters, and return the total number and the top results. **Then, group all of them by repo and return the counts of each group.**" <img width="314" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/5206eb20-f8f5-49b9-b45a-1be2fcf679f4"> Before #26012, it was being done in the DB, but it caused the results to be incomplete (see the description of #26012). And to keep this, #26012 implement it in an inefficient way, just count the issues by repo one by one, so it cannot work when `AllPublic` is true because it's almost impossible to do this for all public repos. https://github.com/go-gitea/gitea/blob/1bfcdeef4cca0f5509476358e5931c13d37ed1ca/modules/indexer/issues/indexer.go#L318-L338 ## Give up unnecessary features We may can resovle `TODO: use "group by" of the indexer engines to implement it`, I'm sure it can be done with Elasticsearch, but IIRC, Bleve and Meilisearch don't support "group by". And the real question is, does it worth it? Why should we need to know the counts grouped by repos? Let me show you my search dashboard on gitea.com. <img width="1304" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/2bca2d46-6c71-4de1-94cb-0c9af27c62ff"> I never think the long repo list helps anything. And if we agree to abandon it, things will be much easier. That is this PR. ## TODO I know it's important to filter by repos when searching issues. However, it shouldn't be the way we have it now. It could be implemented like this. <img width="1316" alt="image" src="https://github.com/go-gitea/gitea/assets/9418365/99ee5f21-cbb5-4dfe-914d-cb796cb79fbe"> The indexers support it well now, but it requires some frontend work, which I'm not good at. So, I think someone could help do that in another PR and merge this one to fix the bug first. Or please block this PR and help to complete it. Finally, "Switch dashboard context" is also a design that needs improvement. In my opinion, it can be accomplished by adding filtering conditions instead of "switching".
* Use `filepath` instead of `path` to create SQLite3 database file (#28374)wxiaoguang2023-12-061-2/+1
|
* Fix incorrect default value of `[attachment].MAX_SIZE` (#28373)capvor2023-12-061-1/+1
|
* Render PyPi long description as document (#28272)Earl Warren2023-12-051-0/+1
| | | | Co-authored-by: Gusted <postmaster@gusted.xyz>
* Convert git commit summary to valid UTF8. (#28356)darrinsmart2023-12-051-1/+2
| | | | | | | | The summary string ends up in the database, and (at least) MySQL & PostgreSQL require valid UTF8 strings. Fixes #28178 Co-authored-by: Darrin Smart <darrin@filmlight.ltd.uk>
* Read `previous` info from git blame (#28306)KN4CK3R2023-12-012-24/+41
| | | | | | | Fixes #28280 Reads the `previous` info from the `git blame` output instead of calculating it afterwards.
* Meilisearch: require all query terms to be matched (#28293)Brecht Van Lommel2023-11-291-4/+5
| | | | | | | | | | | | | Previously only the first term had to be matched. That default Meilisearch behavior makes sense for e.g. some kind of autocomplete to find and select a single result. But for filtering issues it means you can't narrow down results by adding more terms. This is also more consistent with other indexers and GitHub. --- Reference: https://www.meilisearch.com/docs/reference/api/search#matching-strategy
* Ignore "non-existing" errors when getDirectorySize calculates the size (#28276)wxiaoguang2023-11-291-15/+12
| | | | | | | | | The git command may operate the git directory (add/remove) files in any time. So when the code iterates the directory, some files may disappear during the "walk". All "IsNotExist" errors should be ignored. Fix #26765
* Ignore temporary files for directory size (#28265)Earl Warren2023-11-281-1/+5
| | | | Co-authored-by: Gusted <postmaster@gusted.xyz>
* Fix delete-orphaned-repos (#28200)pitpalme2023-11-241-2/+2
| | | | | | | gitea doctor failed at checking and fixing 'delete-orphaned-repos', because table name 'user' needs quoting to be correctly recognized by at least PostgreSQL. fixes #28199
* Refactor graceful manager to use shared code (#28073)wxiaoguang2023-11-243-174/+119
| | | | Make "windows" and "unix" share as much code as possible. No logic change.
* Use restricted sanitizer for repository description (#28141)Earl Warren2023-11-232-3/+54
| | | | | | | | | | | | | | | - Currently the repository description uses the same sanitizer as a normal markdown document. This means that element such as heading and images are allowed and can be abused. - Create a minimal restricted sanitizer for the repository description, which only allows what the postprocessor currently allows, which are links and emojis. - Added unit testing. - Resolves https://codeberg.org/forgejo/forgejo/issues/1202 - Resolves https://codeberg.org/Codeberg/Community/issues/1122 (cherry picked from commit 631c87cc2347f0036a75dcd21e24429bbca28207) Co-authored-by: Gusted <postmaster@gusted.xyz>
* Make CORS work for oauth2 handlers (#28184)wxiaoguang2023-11-231-0/+4
| | | | | | Fix #25473 Although there was `m.Post("/login/oauth/access_token", CorsHandler()...`, it never really worked, because it still lacks the "OPTIONS" handler.