summaryrefslogtreecommitdiffstats
path: root/routers/private
Commit message (Collapse)AuthorAgeFilesLines
* Refactor git command arguments and make all arguments to be safe to be used ↵wxiaoguang2022-10-232-3/+3
| | | | | | | (#21535) Follow #21464 Make all git command arguments strictly safe. Most changes are one-to-one replacing, keep all existing logic.
* log real ip of requests from ssh (#21216)Lunny Xiao2022-10-111-0/+4
| | | | | | | | | | | Partially fix #21213. This PR will get client IP address from SSH_CONNECTION env which should be the first field of that. And deliver it to the internal API so Gitea routers could record the real IP from SSH requests. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
* Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663)Clar Fon2022-10-021-0/+5
| | | | | | Only load SECRET_KEY and INTERNAL_TOKEN if they exist. Never write the config file if the keys do not exist, which was only a fallback for Gitea upgraded from < 1.5 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add migrate repo archiver and packages storage support on command line (#20757)Lunny Xiao2022-08-161-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add migrate repo archiver and packages storage support on command line * Fix typo * Use stdCtx * Use packageblob and fix command description * Add migrate packages unit tests * Fix comment year * Fix the migrate storage command line description * Update cmd/migrate_storage.go Co-authored-by: zeripath <art27@cantab.net> * Update cmd/migrate_storage.go Co-authored-by: zeripath <art27@cantab.net> * Update cmd/migrate_storage.go Co-authored-by: zeripath <art27@cantab.net> * Fix test Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
* Add missing parameter for error in log message (#20144)Gusted2022-06-271-1/+1
| | | | | - Adds a `%v` for the last parameter, `err`. Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Allow manager logging to set SQL (#20064)zeripath2022-06-242-0/+8
| | | | | | | | | | | This PR adds a new manager command to switch on SQL logging and to turn it off. ``` gitea manager logging log-sql gitea manager logging log-sql --off ``` Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add more linters to improve code readability (#19989)Wim2022-06-203-3/+3
| | | | | | | | | | Add nakedret, unconvert, wastedassign, stylecheck and nolintlint linters to improve code readability - nakedret - https://github.com/alexkohler/nakedret - nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length. - unconvert - https://github.com/mdempsky/unconvert - Remove unnecessary type conversions - wastedassign - https://github.com/sanposhiho/wastedassign - wastedassign finds wasted assignment statements. - notlintlint - Reports ill-formed or insufficient nolint directives - stylecheck - https://staticcheck.io/docs/checks/#ST - keep style consistent - excluded: [ST1003 - Poorly chosen identifier](https://staticcheck.io/docs/checks/#ST1003) and [ST1005 - Incorrectly formatted error string](https://staticcheck.io/docs/checks/#ST1005)
* move agit dependcy (#19998)Lunny Xiao2022-06-171-2/+13
|
* Move issues related files into models/issues (#19931)Lunny Xiao2022-06-132-7/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Move access and repo permission to models/perm/access * fix test * fix git test * Move functions sequence * Some improvements per @KN4CK3R and @delvh * Move issues related code to models/issues * Move some issues related sub package * Merge * Fix test * Fix test * Fix test * Fix test * Rename some files
* Move some code into models/git (#19879)Lunny Xiao2022-06-121-4/+5
| | | | | | | | | | | | | | | | | | | * Move access and repo permission to models/perm/access * fix test * Move some git related files into sub package models/git * Fix build * fix git test * move lfs to sub package * move more git related functions to models/git * Move functions sequence * Some improvements per @KN4CK3R and @delvh
* Fix spelling mistake in ProcReceive (#19853)zeripath2022-06-011-1/+1
| | | | | There was a spelling mistake in the ProcReceive handler. This PR fixes this.
* Move almost all functions' parameter db.Engine to context.Context (#19748)Lunny Xiao2022-05-205-9/+9
| | | | * Move almost all functions' parameter db.Engine to context.Context * remove some unnecessary wrap functions
* Move access and repo permission to models/perm/access (#19350)Lunny Xiao2022-05-112-5/+6
| | | | | * Move access and repo permission to models/perm/access * Remove unnecessary code
* Use for a repo action one database transaction (#19576)65432022-05-031-1/+1
| | | | | ... more context (part of #9307)
* Remove legacy `+build:` constraint (#19582)wxiaoguang2022-05-022-2/+0
| | | Go 1.17 and later use modern `//go:build` constraints, the old `// +build:` constraints should be removed.
* Dont overwrite err with nil & rename PullCheckingFuncs to reflect there ↵65432022-05-021-1/+1
| | | | | | | | | | | usage (#19572) - dont overwrite err with nil unintentionaly - rename CheckPRReadyToMerge to CheckPullBranchProtections - rename prQueue to prPatchCheckerQueue from #9307 Co-authored-by: delvh <dev.lh@web.de>
* Add "Allow edits from maintainer" feature (#18002)qwerty2872022-04-281-2/+6
| | | | | | | | | | | | | | | | | Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7). If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option. Then users with write access to the base branch get more permissions on this branch: * use the update pull request button * push directly from the command line (`git push`) * edit/delete/upload files via web UI * use related API endpoints You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions. This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR. Closes #17728 Co-authored-by: 6543 <6543@obermui.de>
* more context for models (#19511)65432022-04-282-3/+3
| | | | | make more usage of context, to have more db transaction in one session (make diff of #9307 smaller)
* Remove `git.Command.Run` and `git.Command.RunInDir*` (#19280)wxiaoguang2022-04-012-11/+9
| | | | | | Follows #19266, #8553, Close #18553, now there are only three `Run..(&RunOpts{})` functions. * before: `stdout, err := RunInDir(path)` * now: `stdout, _, err := RunStdString(&git.RunOpts{Dir:path})`
* Add Goroutine stack inspector to admin/monitor (#19207)zeripath2022-03-312-0/+162
| | | | | | | | | | | | | | | | | | | Continues on from #19202. Following the addition of pprof labels we can now more easily understand the relationship between a goroutine and the requests that spawn them. This PR takes advantage of the labels and adds a few others, then provides a mechanism for the monitoring page to query the pprof goroutine profile. The binary profile that results from this profile is immediately piped in to the google library for parsing this and then stack traces are formed for the goroutines. If the goroutine is within a context or has been created from a goroutine within a process context it will acquire the process description labels for that process. The goroutines are mapped with there associate pids and any that do not have an associated pid are placed in a group at the bottom as unbound. In this way we should be able to more easily examine goroutines that have been stuck. A manager command `gitea manager processes` is also provided that can export the processes (with or without stacktraces) to the command line. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move checks for pulls before merge into own function (#19271)65432022-03-311-1/+1
| | | | | | | | This make checks in one single place so they dont differ and maintainer can not forget a check in one place while adding it to the other .... ( as it's atm ) Fix: * The API does ignore issue dependencies where Web does not * The API checks if "IsSignedIfRequired" where Web does not - UI probably do but nothing will some to craft custom requests * Default merge message is crafted a bit different between API and Web if not set on specific cases ...
* Make git.OpenRepository accept Context (#19260)65432022-03-301-1/+1
| | | | | * OpenRepositoryCtx -> OpenRepository * OpenRepository -> openRepositoryWithDefaultContext, only for internal usage
* Fix the bug: deploy key with write access can not push (#19010)wxiaoguang2022-03-222-41/+62
| | | Use DeployKeyID to replace the IsDeployKey, then CanWriteCode uses the DeployKeyID to check the write permission.
* Do not send notification emails to inactive users (#19131)zeripath2022-03-191-1/+1
| | | | | | | | Emails should not be sent to inactive users except for Activate and ResetPassword messages. Fix #18950 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Change git.cmd to RunWithContext (#18693)Martin Scholz2022-02-111-8/+16
| | | | | | | Change all `cmd...Pipeline` commands to `cmd.RunWithContext`. #18553 Co-authored-by: Martin Scholz <martin.scholz@versasec.com>
* Delete old git.NewCommand() and use it as git.NewCommandContext() (#18552)65432022-02-062-3/+3
|
* Validate migration files (#18203)Aravinth Manivannan2022-01-261-4/+6
| | | | | | | JSON Schema validation for data used by Gitea during migrations Discussion at https://forum.forgefriends.org/t/common-json-schema-for-repository-information/563 Co-authored-by: Loïc Dachary <loic@dachary.org>
* format with gofumpt (#18184)65432022-01-203-5/+4
| | | | | | | | | | | * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
* Propagate context and ensure git commands run in request context (#17868)zeripath2022-01-196-34/+13
| | | | | | | | | This PR continues the work in #17125 by progressively ensuring that git commands run within the request context. This now means that the if there is a git repo already open in the context it will be used instead of reopening it. Signed-off-by: Andrew Thornton <art27@cantab.net>
* show pull link for agit pull request also (#18235)a10121127962022-01-171-0/+38
|
* Return nicer error if trying to pull from non-existent user (#18288)zeripath2022-01-161-3/+12
| | | | | | | | | | | * Return nicer error if trying to pull from non-existent user Gitea serv will currently return an 500 if we try to pull from a repository where the owner does not exist. This PR checks for the UserNotExist Error when checking for the user and will return a NotFound error instead. Fix #18225
* Fix various typos (#18219)luzpaz2022-01-101-1/+1
| | | | | Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby,te,unknwon` Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor HTTP request context (#17979)wxiaoguang2021-12-157-15/+15
|
* Some repository refactors (#17950)Lunny Xiao2021-12-121-1/+1
| | | | | | | | | * some repository refactors * remove unnecessary code * Fix test * Remove unnecessary banner
* Move keys to models/asymkey (#17917)Lunny Xiao2021-12-103-19/+20
| | | | | | | | | | | | | | | | | | | * Move keys to models/keys * Rename models/keys -> models/asymkey * change the missed package name * Fix package alias * Fix test * Fix docs * Fix test * Fix test * merge
* Move repository model into models/repo (#17933)Lunny Xiao2021-12-105-12/+14
| | | | | | | | | | | | | | | * Some refactors related repository model * Move more methods out of repository * Move repository into models/repo * Fix test * Fix test * some improvements * Remove unnecessary function
* Move accessmode into models/perm (#17828)Lunny Xiao2021-11-281-6/+7
|
* Move user related model into models/user (#17781)Lunny Xiao2021-11-243-14/+16
| | | | | | | | | | | | | * Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
* Use `*PushUpdateOptions` as receiver (#17724)Gusted2021-11-241-3/+3
|
* More pleasantly handle broken or missing git repositories (#17747)zeripath2021-11-221-0/+8
| | | | | | | | | | | | | | | | | | | | | | * More pleasantly handle broken or missing git repositories In #17742 it was noted that there a completely invalid git repository underlying a repo on gitea.com. This happened due to a problem during a migration however, it is not beyond the realms of possibility that a corruption could occur to another user. This PR adds a check to RepoAssignment that will detect if a repository loading has failed due to an absent git repository. It will then show a page suggesting the user contacts the administrator or deletes the repository. Fix #17742 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update options/locale/locale_en-US.ini Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Move migrations into services and base into modules/migration (#17663)Lunny Xiao2021-11-161-1/+1
| | | | | | | * Move migrtions into services and base into modules/migration * Fix imports * Fix lint
* Move unit into models/unit/ (#17576)Lunny Xiao2021-11-092-6/+8
| | | | | * Move unit into models/unit/ * Rename unit.UnitType as unit.Type
* Prevent panic in serv.go with Deploy Keys (#17434)zeripath2021-10-261-1/+1
| | | | | | | | Unfortunately there was a regression in #17373 which missed that the user is not for deploy keys. This leads to a panic when pushing with deploy keys. Fix #17412 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure correct SSH permissions check for private and restricted users (#17370)zeripath2021-10-201-2/+7
| | | | | | | | | | | | Repositories owned by private users and organisations and pulls by restricted users need to have permissions checked. Previously Serv would simply assumed that if the user could log in and the repository was not private then it would be visible. Fix #17364 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* refactor: move from io/ioutil to io and os package (#17109)Eng Zer Jun2021-09-221-2/+2
| | | | | | | | | The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Clean-up HookPreReceive and restore functionality for pushing non-standard ↵zeripath2021-09-168-780/+990
| | | | | | | | | | | | | | | | | | refs (#16705) * Clean-up HookPreReceive and restore functionality for pushing non-standard refs There was an inadvertent breaking change in #15629 meaning that notes refs and other git extension refs will be automatically rejected. Further following #14295 and #15629 the pre-recieve hook code is untenably long and too complex. This PR refactors the hook code and removes the incorrect forced rejection of non-standard refs. Fix #16688 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Support unprotected file patterns (#16395)Jimmy Praet2021-09-111-0/+17
| | | | | | | Fixes #16381 Note that changes to unprotected files via the web editor still cannot be pushed directly to the protected branch. I could easily add such support for edits and deletes if needed. But for adding, uploading or renaming unprotected files, it is not trivial. * Extract & Move GetAffectedFiles to modules/git
* Add bundle download for repository (#14538)John Olheiser2021-08-242-4/+6
| | | | | | | | | | | | | | | | | * Add bundle download Signed-off-by: jolheiser <john.olheiser@gmail.com> * Fix fmt Signed-off-by: jolheiser <john.olheiser@gmail.com> * Fix build tags Signed-off-by: jolheiser <john.olheiser@gmail.com> * Download specific commit Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Fix spelling of HookProcReceiveResult (#16690)Lunny Xiao2021-08-141-1/+1
|
* Rename ctx.Form() to ctx.FormString() and move code into own file (#16571)65432021-08-111-1/+1
| | | | | | | Followup from #16562 prepare for #16567 * Rename ctx.Form() to ctx.FormString() * Reimplement FormX func to need less code and cpu cycles * Move code into own file