summaryrefslogtreecommitdiffstats
path: root/routers/api/v1
Commit message (Collapse)AuthorAgeFilesLines
* Performance improvements for pull request list page (#29900) (#29972)Lunny Xiao2024-03-222-13/+8
| | | | | | | | | This PR will avoid load pullrequest.Issue twice in pull request list page. It will reduce x times database queries for those WIP pull requests. Partially fix #29585 Backport #29900
* Add cache for dashbaord commit status (#29932)Lunny Xiao2024-03-201-2/+2
| | | backport #29444
* Fix PR creation via api between branches of same repo with head field ↵Giteabot2024-03-201-0/+2
| | | | | | | | | | | | | | | | | namespaced (#26986) (#29857) Backport #26986 by @norohind Fix #20175 Current implementation of API does not allow creating pull requests between branches of the same repo when you specify *namespace* (owner of the repo) in `head` field in http request body. --------- Co-authored-by: norohind <60548839+norohind@users.noreply.github.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add missing database transaction for new issue (#29490) (#29607)Lunny Xiao2024-03-051-1/+1
| | | | | | When creating an issue, inserting issue, assign users and set project should be in the same transaction. Backport #29490
* Fix 500 when pushing release to an empty repo (#29554) (#29564)Giteabot2024-03-031-0/+5
| | | | | | | | | | Backport #29554 by @lng2020 As title. The former code directly used `ctx.Repo.GitRepo`, causing 500. https://github.com/go-gitea/gitea/blob/22b4f0c09f1de5e581929bd10f39833d30d2c482/routers/api/v1/repo/release.go#L241 Co-authored-by: Nanguan Lin <nanguanlin6@gmail.com>
* Fix wrong test usage of `AppSubURL` (#29459) (#29488)Giteabot2024-02-291-9/+9
| | | | | | | | Backport #29459 by @KN4CK3R The tests use an invalid `setting.AppSubURL`. The wrong behaviour disturbs other PRs like #29222 and #29427. Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Fix missed return (#29450) (#29453)Giteabot2024-02-271-0/+1
| | | | | Backport #29450 by @lunny Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor issue template parsing and fix API endpoint (#29069) (#29140)wxiaoguang2024-02-142-6/+6
| | | | | | | | | | | | | | | | | | Backport #29069 The old code `GetTemplatesFromDefaultBranch(...) ([]*api.IssueTemplate, map[string]error)` doesn't really follow Golang's habits, then the second returned value might be misused. For example, the API function `GetIssueTemplates` incorrectly checked the second returned value and always responds 500 error. This PR refactors GetTemplatesFromDefaultBranch to ParseTemplatesFromDefaultBranch and clarifies its behavior, and fixes the API endpoint bug, and adds some tests. And by the way, add proper prefix `X-` for the header generated in `checkDeprecatedAuthMethods`, because non-standard HTTP headers should have `X-` prefix, and it is also consistent with the new code in `GetIssueTemplates`
* Fix an actions schedule bug (#28942) (#28999)Giteabot2024-01-311-2/+2
| | | | | | | | | | | | | | | Backport #28942 by @Zettat123 In #28691, schedule plans will be deleted when a repo's actions unit is disabled. But when the unit is enabled, the schedule plans won't be created again. This PR fixes the bug. The schedule plans will be created again when the actions unit is re-enabled --------- Co-authored-by: Zettat123 <zettat123@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* fix: update enable_prune even if mirror_interval is not provided (#28905) ↵Giteabot2024-01-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#28929) Backport #28905 by @Anthony-Jhoiro Currently, the `updateMirror` function which update the mirror interval and enable prune properties is only executed by the `Edit` function. But it is only triggered if `opts.MirrorInterval` is not null, even if `opts.EnablePrune` is not null. With this patch, it is now possible to update the enable_prune property with a patch request without modifying the mirror_interval. ## Example request with httpie ### Currently: **Does nothing** ```bash http PATCH https://gitea.your-server/api/v1/repos/myOrg/myRepo "enable_prune:=false" -A bearer -a $gitea_token ``` **Updates both properties** ```bash http PATCH https://gitea.your-server/api/v1/repos/myOrg/myRepo "enable_prune:=false" "mirror_interval=10m" -A bearer -a $gitea_token ``` ### With the patch **Updates enable_prune only** ```bash http PATCH https://gitea.your-server/api/v1/repos/myOrg/myRepo "enable_prune:=false" -A bearer -a $gitea_token ``` Co-authored-by: Anthony Quéré <47711333+Anthony-Jhoiro@users.noreply.github.com>
* Forbid removing the last admin user (#28337) (#28793)Giteabot2024-01-161-1/+8
| | | | | | Backport #28337 by @yp05327 Co-authored-by: yp05327 <576951401@qq.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix `GetCommitStatuses` (#28787) (#28804)KN4CK3R2024-01-151-1/+3
| | | | | Backport #28787 Replaces #28802
* Fix schedule tasks bugs (#28691) (#28780)Lunny Xiao2024-01-141-1/+1
| | | | | | | | | | | | | | Fix #28157 Backport #28691 This PR fix the possible bugs about actions schedule. - Move `UpdateRepositoryUnit` and `SetRepoDefaultBranch` from models to service layer - Remove schedules plan from database and cancel waiting & running schedules tasks in this repository when actions unit has been disabled or global disabled. - Remove schedules plan from database and cancel waiting & running schedules tasks in this repository when default branch changed.
* Fix issue dependencies (#27736) (#28776)Giteabot2024-01-121-29/+32
| | | | | | | | | | | | | | | | | | | | | | | | | Backport #27736 by @lng2020 Fix #27722 Fix #27357 Fix #25837 Fix #28732 1. Fix the typo `BlockingByDependenciesNotPermitted`, which causes the `not permitted message` not to show. The correct one is `Blocking` or `BlockedBy` 2. Rewrite the perm check. The perm check uses a very tricky way to avoid duplicate checks for a slice of issues, which is confusing. In fact, it's also the reason causing the bug. It uses `lastRepoID` and `lastPerm` to avoid duplicate checks, but forgets to assign the `lastPerm` at the end of the code block. So I rewrote this to avoid this trick. ![I U1AT{GNFY3 1HZ`6L{(2L](https://github.com/go-gitea/gitea/assets/70063547/79acd02a-a567-4316-ae0d-11c6461becf1) 3. It also reuses the `blocks` slice, which is even more confusing. So I rewrote this too. ![UARFPXRGGZQFB7J$2`R}5_R](https://github.com/go-gitea/gitea/assets/70063547/f21cff0f-d9ac-4ce4-ae4d-adffc98ecd99) Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
* Require token for GET subscription endpoint (#28765) (#28768)Giteabot2024-01-121-3/+3
| | | | | | | | | | | Backport #28765 by @jackHay22 Fixes #28756 ## Changes - Require and check API token for `GET /repos/{owner}/{repo}/subscription` in order to populate `ctx.Doer`. Co-authored-by: Jack Hay <jack@allspice.io>
* Fix: system webhooks API bug (#28531) (#28666)Giteabot2023-12-311-6/+17
| | | | | | | | Backport #28531 by @pulltheflower - Fix the bug about admin/hooks API that `GET /admin/hooks` can only fetch system_hooks, `POST /admin/hooks` can only create default_hooks. Co-authored-by: vincent <38434877+pulltheflower@users.noreply.github.com>
* Refactor CORS handler (#28587) (#28611)wxiaoguang2023-12-251-3/+1
| | | | | | | | | | | | | Backport #28587, the only conflict is the test file. The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix #28515 Fix #27642 Fix #17098
* chore(api): support ignore password if login source type is LDAP for ↵Giteabot2023-12-191-11/+21
| | | | | | | | | | | | | creating user API (#28491) (#28525) Backport #28491 by @appleboy - Modify the `Password` field in `CreateUserOption` struct to remove the `Required` tag - Update the `v1_json.tmpl` template to include the `email` field and remove the `password` field Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
* Do some missing checks (#28423) (#28432)Lunny Xiao2023-12-121-1/+19
| | | backport #28423
* Deprecate query string auth tokens (#28390) (#28430)Giteabot2023-12-121-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Backport #28390 by @jackHay22 ## Changes - Add deprecation warning to `Token` and `AccessToken` authentication methods in swagger. - Add deprecation warning header to API response. Example: ``` HTTP/1.1 200 OK ... Warning: token and access_token API authentication is deprecated ... ``` - Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth tokens entirely. Default is `false` ## Next steps - `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and the methods should be removed in swagger - `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of the auth methods in question should be removed ## Open questions - Should there be further changes to the swagger documentation? Deprecation is not yet supported for security definitions (coming in [OpenAPI Spec version 3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506)) - Should the API router logger sanitize urls that use `token` or `access_token`? (This is obviously an insufficient solution on its own) Co-authored-by: Jack Hay <jack@allspice.io> Co-authored-by: delvh <dev.lh@web.de>
* Also sync DB branches on push if necessary (#28361) (#28403)Lunny Xiao2023-12-111-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fix #28056 Backport #28361 This PR will check whether the repo has zero branch when pushing a branch. If that, it means this repository hasn't been synced. The reason caused that is after user upgrade from v1.20 -> v1.21, he just push branches without visit the repository user interface. Because all repositories routers will check whether a branches sync is necessary but push has not such check. For every repository, it has two states, synced or not synced. If there is zero branch for a repository, then it will be assumed as non-sync state. Otherwise, it's synced state. So if we think it's synced, we just need to update branch/insert new branch. Otherwise do a full sync. So that, for every push, there will be almost no extra load added. It's high performance than yours. For the implementation, we in fact will try to update the branch first, if updated success with affect records > 0, then all are done. Because that means the branch has been in the database. If no record is affected, that means the branch does not exist in database. So there are two possibilities. One is this is a new branch, then we just need to insert the record. Another is the branches haven't been synced, then we need to sync all the branches into database.
* enable system users search via the API (#28013) (#28018)Giteabot2023-12-081-12/+26
| | | | | | | | | | | | Backport #28013 by @earl-warren Refs: https://codeberg.org/forgejo/forgejo/issues/1403 (cherry picked from commit dd4d17c159eaf8b642aa9e6105b0532e25972bb7) --------- Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix comment permissions (#28213) (#28216)Lunny Xiao2023-11-2515-34/+163
| | | | | | | backport #28213 This PR will fix some missed checks for private repositories' data on web routes and API routes.
* Fix swagger title (#28164) (#28167)Giteabot2023-11-221-1/+1
| | | | | | | | | Backport #28164 by @yp05327 ![image](https://github.com/go-gitea/gitea/assets/18380374/380859b2-a643-42fd-b53e-78c93c05c826) Don't know why there's a `.` behind. 🤔 Co-authored-by: yp05327 <576951401@qq.com>
* Fix permissions for Token DELETE endpoint to match GET and POST (#27610) ↵Giteabot2023-11-171-1/+1
| | | | | | | | | | | | | | | (#28099) Backport #27610 by @evantobin Fixes #27598 In #27080, the logic for the tokens endpoints were updated to allow admins to create and view tokens in other accounts. However, the same functionality was not added to the DELETE endpoint. This PR makes the DELETE endpoint function the same as the other token endpoints and adds unit tests Co-authored-by: Evan Tobin <me@evantob.in>
* Unify two factor check (#27915) (#27929)Giteabot2023-11-061-36/+0
| | | | | | | | | | | | Backport #27915 by @KN4CK3R Fixes #27819 We have support for two factor logins with the normal web login and with basic auth. For basic auth the two factor check was implemented at three different places and you need to know that this check is necessary. This PR moves the check into the basic auth itself. Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Delete repos of org when purge delete user (#27273) (#27728)65432023-11-012-2/+2
| | | | | | | | | Fixes https://codeberg.org/forgejo/forgejo/issues/1514 Backports #27273 --------- Co-authored-by: JakobDev <jakobdev@gmx.de>
* Fix bad method call when deleting user secrets via API (#27829) (#27831)Giteabot2023-10-291-1/+1
| | | | | | | | | Backport #27829 by @jbgomond Fixed a little mistake when you deleting user secrets via the API. Found it when working on #27725. It should be backported to 1.21 I think. Co-authored-by: Jean-Baptiste Gomond <dev@jbgomond.com>
* Fix org team endpoint (#27721) (#27727)Giteabot2023-10-221-4/+4
| | | | | | | Backport #27721 by @lng2020 Fix #27711 Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
* api: GetPullRequestCommits: return file list (#27483) (#27539)Giteabot2023-10-092-2/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Backport #27483 by @msantos Fixes https://github.com/go-gitea/gitea/issues/27481 --- Patch tested: ```json [ { "url": "http://100.115.92.198:9292/api/v1/repos/msantos/test/git/commits/7664dcb44167e0f9efd994e4ca6a9164694adc27", "sha": "7664dcb44167e0f9efd994e4ca6a9164694adc27", "created": "2023-10-06T09:57:08-04:00", "html_url": "http://100.115.92.198:9292/msantos/test/commit/7664dcb44167e0f9efd994e4ca6a9164694adc27", ... "files": [ { "filename": "README.md", "status": "modified" } ], "stats": { "total": 2, "additions": 2, "deletions": 0 } } ] ``` Co-authored-by: Michael Santos <michael.santos@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Don't let API add 2 exclusive labels from same scope (#27433) (#27460)Giteabot2023-10-061-1/+1
| | | | | | | Backport #27433 by @JakobDev Fixes #27380 Co-authored-by: JakobDev <jakobdev@gmx.de>
* More `db.DefaultContext` refactor (#27265) (#27347)Giteabot2023-09-299-18/+18
| | | | | | | | | | | Backport #27265 by @JakobDev Part of #27065 This PR touches functions used in templates. As templates are not static typed, errors are harder to find, but I hope I catch it all. I think some tests from other persons do not hurt. Co-authored-by: JakobDev <jakobdev@gmx.de>
* Another round of `db.DefaultContext` refactor (#27103) (#27262)Giteabot2023-09-2515-33/+33
| | | | | | | | Backport #27103 by @JakobDev Part of #27065 Co-authored-by: JakobDev <jakobdev@gmx.de> Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27163)Giteabot2023-09-211-1/+1
| | | | | | | | | | | | | | | | | Backport #27150 by @memphis88 Similarly to the fix in https://github.com/go-gitea/gitea/pull/24694, this addresses the team creation not returning the organization information in the response. This fix is connected to the [issue](https://gitea.com/gitea/terraform-provider-gitea/issues/27) discovered in the terraform provider. Moreover, the [documentation](https://docs.gitea.com/api/1.20/#tag/organization/operation/orgCreateTeam) suggests that the response body should include the `organization` field (currently being `null`). Co-authored-by: Dionysios Kakouris <1369451+memphis88@users.noreply.github.com>
* Fix token endpoints ignore specified account (#27080)CaiCandong2023-09-182-4/+20
| | | | | | | | | Fix #26234 close #26323 close #27040 --------- Co-authored-by: silverwind <me@silverwind.io>
* Make SSPI auth mockable (#27036)wxiaoguang2023-09-173-30/+4
| | | | | | Before, the SSPI auth is only complied for Windows, it's difficult to test and it breaks a lot. Now, make the SSPI auth mockable and testable.
* Add `RemoteAddress` to mirrors (#26952)KN4CK3R2023-09-161-5/+12
| | | | | This PR adds a new field `RemoteAddress` to both mirror types which contains the sanitized remote address for easier (database) access to that information. Will be used in the audit PR if merged.
* Next round of `db.DefaultContext` refactor (#27089)JakobDev2023-09-1612-38/+38
| | | Part of #27065
* More refactoring of `db.DefaultContext` (#27083)JakobDev2023-09-1513-22/+22
| | | Next step of #27065
* Reduce usage of `db.DefaultContext` (#27073)JakobDev2023-09-1413-25/+25
| | | | | | | | | | | | | | Part of #27065 This reduces the usage of `db.DefaultContext`. I think I've got enough files for the first PR. When this is merged, I will continue working on this. Considering how many files this PR affect, I hope it won't take to long to merge, so I don't end up in the merge conflict hell. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add missing 404 response to Swagger (#27038)JakobDev2023-09-1345-0/+300
| | | | | Most middleware throw a 404 in case something is not found e.g. a Repo that is not existing. But most API endpoints don't include the 404 response in their documentation. This PR changes this.
* Extract auth middleware from service (#27028)KN4CK3R2023-09-121-2/+103
| | | | | | Related #27027 Extract the router logic from `services/auth/middleware.go` into `routers/web` <-> `routers/common` <-> `routers/api`.
* Move some functions to service layer (#26969)Lunny Xiao2023-09-081-2/+2
|
* move repository deletion to service layer (#26948)Lunny Xiao2023-09-083-7/+8
| | | Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Replace `util.SliceXxx` with `slices.Xxx` (#26958)CaiCandong2023-09-071-1/+2
|
* Add reverseproxy auth for API back with default disabled (#26703)Lunny Xiao2023-09-071-2/+8
| | | | | | | | | | | | | | | This feature was removed by #22219 to avoid possible CSRF attack. This PR takes reverseproxy auth for API back but with default disabled. To prevent possbile CSRF attack, the responsibility will be the reverseproxy but not Gitea itself. For those want to enable this `ENABLE_REVERSE_PROXY_AUTHENTICATION_API`, they should know what they are doing. --------- Co-authored-by: Giteabot <teabot@gitea.io>
* Move createrepository from module to service layer (#26927)Lunny Xiao2023-09-063-5/+4
| | | | Repository creation depends on many models, so moving it to service layer is better.
* Move notification interface to services layer (#26915)Lunny Xiao2023-09-054-13/+13
| | | Extract from #22266
* Refactor secrets modification logic (#26873)KN4CK3R2023-09-053-90/+86
| | | | - Share code between web and api - Add some tests
* Add missing `reqToken()` to notifications endpoints (#26914)JakobDev2023-09-051-3/+3
| | | | | | | | They currently throw a Internal Server Error when you use them without a token. Now they correctly return a `token is required` error. This is no security issue. If you use this endpoints with a token that don't have the correct permission, you get the correct error. This is not affected by this PR.
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-25 19:28:52 +0000