aboutsummaryrefslogtreecommitdiffstats
path: root/modules
Commit message (Collapse)AuthorAgeFilesLines
* Stop logging an error when notes are not found (#18626)zeripath2022-02-062-0/+6
| | | | | | | This is an unnecessary logging event. Fix #18616 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Only attempt to flush queue if the underlying worker pool is not finished ↵zeripath2022-02-052-0/+16
| | | | | | | | | | | | | | | | | (#18593) * Only attempt to flush queue if the underlying worker pool is not finished There is a possible race whereby a worker pool could be cancelled but yet the underlying queue is not empty. This will lead to flush-all cycling because it cannot empty the pool. Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: Gusted <williamzijl7@hotmail.com>
* Use `CryptoRandomBytes` instead of `CryptoRandomString` (#18439)Gusted2022-02-042-23/+0
| | | | | | - Switch to use `CryptoRandomBytes` instead of `CryptoRandomString`, OAuth's secrets are copied pasted and don't need to avoid dubious characters etc. - `CryptoRandomBytes` gives ![2^256 = 1.15 * 10^77](https://render.githubusercontent.com/render/math?math=2^256%20=%201.15%20\cdot%2010^77) `CryptoRandomString` gives ![62^44 = 7.33 * 10^78](https://render.githubusercontent.com/render/math?math=62^44%20=%207.33%20\cdot%2010^78) possible states. - Add a prefix, such that code scanners can easily grep these in source code. - 32 Bytes + prefix
* Collaborator trust model should trust collaborators (#18539)zeripath2022-02-021-1/+1
| | | | | | | | | | * Collaborator trust model should trust collaborators There was an unintended regression in #17917 which leads to only repository admin commits being trusted. This PR restores the old logic. Fix #18501 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add `GetUserTeams` (#18499)Gusted2022-02-011-1/+1
| | | | | | | | | | | | | | | | | | | | * COrrect use `UserID` in `SearchTeams` - Use `UserID` in the `SearchTeams` function, currently it was useless to pass such information. Now it does a INNER statement to `team_user` which obtains UserID -> TeamID data. - Make OrgID optional. - Resolves #18484 * Seperate searching specific user * Add condition back * Use correct struct type Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* add test coverage for original author conversion during migrations (#18506)singuliere2022-02-016-0/+36
| | | | | | | | | | | | | | | | | | * add test coverage for original author conversion during migrations And create a function to factorize a code snippet that is repeated five times and would otherwise be more difficult to test and maintain consistently. Signed-off-by: Loïc Dachary <loic@dachary.org> * fix variable scope and int64 formatting * add missing calls to remapExternalUser and fix misplaced %d Co-authored-by: Loïc Dachary <loic@dachary.org> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* add gitea-fmt back (#18526)65432022-02-011-0/+1
|
* Fix non-ASCII search on database (#18437)Gusted2022-02-012-0/+45
| | | Use `ToASCIIUpper` for SQLite database on issues search, this because `UPPER(x)` on SQLite only transforms ASCII letters. Resolves #18429
* Remove go 1.15 support (#18511)Gusted2022-02-012-15/+0
| | | | | - Remove support for go 1.15(go.mod already requires go 1.16). Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Prevent NPE on partial match of compare URL and allow short SHA1 compare ↵Gusted2022-01-312-1/+21
| | | | | | | | | | | | | | URLs (#18472) * Don't panic & allow shorter sha1 - Don't panic when the full regex isn't matched and allow the usage of a shorter sha1 being used. - Resolves #18471 * Update modules/markup/html.go Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Warn at startup if the provided `SCRIPT_TYPE` is not on the PATH (#18467)zeripath2022-01-301-0/+5
| | | | | | | | Several users run Gitea in situations whereby `bash` is not available. If the `SCRIPT_TYPE` is not changed this will cause hooks to fail. A simple test to check if the provided type is on the PATH should be sufficient to warn them about this problem. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Change some logging levels (#18421)zeripath2022-01-292-11/+17
| | | | | | | | | | * Change some logging levels * PlainTextWithBytes - 4xx/5xx this should just be TRACE * notFoundInternal - the "error" here is too noisy and should be DEBUG * WorkerPool - Worker pool scaling messages are normal and should be DEBUG Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Update Goldmark to Goldmark 1.4.4 (#18420)zeripath2022-01-291-2/+2
| | | | | | * Update Goldmark to Goldmark 1.4.4 * nolint the deprecation Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure git tag tests and others create test repos in tmpdir (#18447)zeripath2022-01-293-62/+206
| | | | | | | | | | | | | | | | | | | | * Ensure git tag tests and other create test repos in tmpdir There are a few places where tests appear to reuse testing repos which causes random CI failures. This PR simply changes these tests to ensure that cloning always happens into new temporary directories. Fix #18444 * Change log root for integration tests to use the REPO_TEST_DIR There is a potential race in the drone integration tests whereby test-mysql etc will start writing to log files causing make test-check fail. Fix #18077 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Attempt to prevent the deadlock in the QueueDiskChannel Test again (#18415)zeripath2022-01-297-95/+119
| | | | | | | | | | | | | * Attempt to prevent the deadlock in the QueueDiskChannel Test again This time we're going to adjust the pause tests to only test the right flag. * Only switch off pushback once we know that we are not pushing anything else * Ensure full redirection occurs * More nicely handle a closed datachan * And handle similar problems in queue_channel_test Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix broken when no commits and default branch is not master (#18422)Lunny Xiao2022-01-281-7/+13
| | | | | | | | | * Fix broken when no commits and default branch is not master * Fix IsEmpty check * Improve codes * Add timeout
* Automatically pause queue if index service is unavailable (#15066)Lauris BH2022-01-2713-74/+383
| | | | | | * Handle keyword search error when issue indexer service is not available * Implement automatic disabling and resume of code indexer queue
* Validate migration files (#18203)Aravinth Manivannan2022-01-2618-38/+545
| | | | | | | JSON Schema validation for data used by Gitea during migrations Discussion at https://forum.forgefriends.org/t/common-json-schema-for-repository-information/563 Co-authored-by: Loïc Dachary <loic@dachary.org>
* Use base32 for 2FA scratch token (#18384)wxiaoguang2022-01-264-29/+29
| | | | * Use base32 for 2FA scratch token * rename Secure* to Crypto*, add comments
* Prevent deadlocks in persistable channel pause test (#18410)zeripath2022-01-262-6/+53
| | | | | | | | | | | | | | | | * Prevent deadlocks in persistable channel pause test Because of reuse of the old paused/resumed channels in this test there was a potential for deadlock. This PR ensures that the channels are always reobtained. It further adds some control code to detect hangs in future - and it ensures that the pausing warning is not shown on shutdown. Signed-off-by: Andrew Thornton <art27@cantab.net> * do not warn but do pause Signed-off-by: Andrew Thornton <art27@cantab.net>
* Unexport git.GlobalCommandArgs (#18376)65432022-01-255-16/+32
| | | | Unexport the git.GlobalCommandArgs variable.
* API: Return primary language and repository language stats API URL (#18396)Lauris BH2022-01-252-0/+11
|
* Make WrappedQueues and PersistableChannelUniqueQueues Pausable (#18393)zeripath2022-01-249-14/+72
| | | | | | | Implements the Pausable interface on WrappedQueues and PersistableChannelUniqueQueues Reference #15928 Signed-off-by: Andrew Thornton art27@cantab.net
* Fix partial cloning a repo (#18373)Gusted2022-01-232-2/+5
| | | | | | | | - Pass the Global command args into serviceRPC. - Fixes error with partial cloning. - Add partial clone test - Include diff Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add packagist webhook (#18224)Dr. Tobias Quathamer2022-01-232-2/+2
| | | | Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix mime-type detection for HTTP server (#18370)wxiaoguang2022-01-234-20/+61
| | | Bypass the unstable behavior of Golang's mime.TypeByExtension
* Always use git command but not os.Command (#18363)Lunny Xiao2022-01-231-18/+14
|
* Make gitea, gitea-vet future-proof (#18361)Gusted2022-01-221-0/+1
| | | | | | | | | * Make gitea, gitea-vet future-proof - Ref: https://gitea.com/gitea/gitea-vet/pulls/18 * Correct order Co-authored-by: zeripath <art27@cantab.net>
* Pause queues (#15928)zeripath2022-01-2223-115/+1314
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Start adding mechanism to return unhandled data Signed-off-by: Andrew Thornton <art27@cantab.net> * Create pushback interface Signed-off-by: Andrew Thornton <art27@cantab.net> * Add Pausable interface to WorkerPool and Manager Signed-off-by: Andrew Thornton <art27@cantab.net> * Implement Pausable and PushBack for the bytefifos Signed-off-by: Andrew Thornton <art27@cantab.net> * Implement Pausable and Pushback for ChannelQueues and ChannelUniqueQueues Signed-off-by: Andrew Thornton <art27@cantab.net> * Wire in UI for pausing Signed-off-by: Andrew Thornton <art27@cantab.net> * add testcases and fix a few issues Signed-off-by: Andrew Thornton <art27@cantab.net> * fix build Signed-off-by: Andrew Thornton <art27@cantab.net> * prevent "race" in the test Signed-off-by: Andrew Thornton <art27@cantab.net> * fix jsoniter mismerge Signed-off-by: Andrew Thornton <art27@cantab.net> * fix conflicts Signed-off-by: Andrew Thornton <art27@cantab.net> * fix format Signed-off-by: Andrew Thornton <art27@cantab.net> * Add warnings for no worker configurations and prevent data-loss with redis/levelqueue Signed-off-by: Andrew Thornton <art27@cantab.net> * Use StopTimer Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Disable content sniffing on `PlainTextBytes` (#18359)Gusted2022-01-221-0/+1
| | | | | | | | - Disable the browser's function to "sniff" for the content-type on the provided plain text, this will prevent the possible usage of user-controlled data being sent, which could be malicious. Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix route wrap (#18360)wxiaoguang2022-01-221-0/+3
|
* Add config options to hide issue events (#17414)qwerty2872022-01-212-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add config option to hide issue events Adds a config option `HIDE_ISSUE_EVENTS` to hide most issue events (changed labels, milestones, projects...) on the issue detail page. If this is true, only the following events (comment types) are shown: * plain comments * closed/reopned/merged * reviews * Make configurable using a list * Add docs * Add missing newline * Fix merge issues * Allow changes per user settings * Fix lint * Rm old docs * Apply suggestions from code review * Use bitsets * Rm comment * fmt * Fix lint * Use variable/constant to provide key * fmt * fix lint * refactor * Add a prefix for user setting key * Add license comment * Add license comment * Update services/forms/user_form_hidden_comments.go Co-authored-by: Gusted <williamzijl7@hotmail.com> * check len == 0 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: 6543 <6543@obermui.de>
* format with gofumpt (#18184)65432022-01-20186-864/+769
| | | | | | | | | | | * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
* Enable deprecation error for v1.17.0 (#18341)Gusted2022-01-209-52/+83
| | | Co-authored-by: Andrew Thornton <art27@cantab.net>
* Refactor Router Logger (#17308)wxiaoguang2022-01-2014-194/+843
| | | | | | Make router logger more friendly, show the related function name/file/line. [BREAKING] This PR substantially changes the logging format of the router logger. If you use this logging for monitoring e.g. fail2ban you will need to update this to match the new format.
* Updated Chroma to v0.10.0 (#18270)Jelle Hulter2022-01-202-32/+30
|
* refactor httplib (#18338)Gusted2022-01-191-285/+7
| | | | | | - Remove a lot of unused code(most if not all were introduced in gogs for webhooks usages). Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Propagate context and ensure git commands run in request context (#17868)zeripath2022-01-1968-446/+504
| | | | | | | | | This PR continues the work in #17125 by progressively ensuring that git commands run within the request context. This now means that the if there is a git repo already open in the context it will be used instead of reopening it. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add MirrorUpdated field to Repository API type (#18267)Peter Gardfjäll2022-01-182-1/+8
| | | | | Add the last update time to the repository api type. Close #18266
* Remove unneeded debug messages to stdout. (#18298)Ben Niemann2022-01-161-4/+0
| | | Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Remove golang vendored directory (#18277)techknowlogick2022-01-143-3/+3
| | | | | | | * rm go vendor * fix drone yaml * add to gitignore
* Support webauthn (#17957)Lunny Xiao2022-01-144-8/+109
| | | | | | | Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix NPE on try to get tag reference via API (#18245)65432022-01-127-12/+5
| | | | | * fix npe * rm gitRepo from Tag
* Fix source typos (#18227)luzpaz2022-01-102-4/+4
| | | Follow-up to #18219
* Fix various typos (#18219)luzpaz2022-01-1011-16/+16
| | | | | Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby,te,unknwon` Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Remove `ioutil` (#18222)Gusted2022-01-101-2/+2
| | | | | | | | | | | | - Don't use `ioutil` package anymore as it doesn't anything special anymore since Go 1.16: ``` // As of Go 1.16, the same functionality is now provided // by package io or package os, and those implementations // should be preferred in new code. ``` Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Sort locales according to their names (#18211)delvh2022-01-081-1/+9
| | | | | * Sort locales according to their names * Fix documentation and sort case insensitive
* Restore setting of ctx.Repo.Mirror (#18205)zeripath2022-01-081-4/+4
| | | | | | | | | | | | | | In #17933 repoAssignment no longer sets the ctx.Repo.Mirror field meaning that attempting change mirror settings results in an NPE. This PR simply restores this. Either we should remove this field or, we should set it. At present it seems simplest to set it instead of going looking in the Data for the value although converting the context to a bag of things may be the correct approach in the future. Fix #18204 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Don't store assets modified time into generated files (#18193)Lunny Xiao2022-01-065-2/+64
|
* Add warning for BIDI characters in page renders and in diffs (#17562)zeripath2022-01-072-0/+432
| | | | | | | | | | | | Fix #17514 Given the comments I've adjusted this somewhat. The numbers of characters detected are increased and include things like the use of U+300 to make à instead of à and non-breaking spaces. There is a button which can be used to escape the content to show it. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Gwyneth Morgan <gwymor@tilde.club> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>