path: root/routers/web/user
Commit message | Author | Age | Files | Lines
* Clean up WebAuthn javascript code and remove JQuery code (#22697) | zeripath | 2023-06-06 | 1 | -2/+4

  There were several issues with the WebAuthn registration and testing code and the style was very old javascript with jquery callbacks. This PR uses async and fetch to replace the JQuery code.

  Ref #22651

  Signed-off-by: Andrew Thornton <art27@cantab.net>

  ---------

  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: delvh <dev.lh@web.de>
  Co-authored-by: silverwind <me@silverwind.io>
* Add ability to set multiple redirect URIs in OAuth application UI (#25072) | Denys Konovalov | 2023-06-05 | 1 | -2/+3

  OAuth applications can already have multiple redirect URIs if created/edited over API.

  This change allows for setting multiple redirect URIs through the UI as a comma-separated list (e.g. `https://example.org/redirect,https://redirect.example.org`)

  <details>
  <summary>Screenshots</summary>

  ![Bildschirmfoto vom 2023-06-04 17-14-40](https://github.com/go-gitea/gitea/assets/47871822/2206dc32-e7e4-4953-9ecb-e098890b3f54)
  ![Bildschirmfoto vom 2023-06-04 17-14-50](https://github.com/go-gitea/gitea/assets/47871822/cd97c73c-9310-44ee-a83a-b927a1ef94da)

  </details>

  Closes #25068
* Redesign Scoped Access Tokens (#24767) | Jack Hay | 2023-06-04 | 1 | -0/+2

  ## Changes

  - Adds the following high level access scopes, each with `read` and `write` levels:
    - `activitypub`
    - `admin` (hidden if user is not a site admin)
    - `misc`
    - `notification`
    - `organization`
    - `package`
    - `issue`
    - `repository`
    - `user`
  - Adds new middleware function `tokenRequiresScopes()` in addition to `reqToken()`
    - `tokenRequiresScopes()` is used for each high-level api section
      - _if_ a scoped token is present, checks that the required scope is included based on the section and HTTP method
    - `reqToken()` is used for individual routes
      - checks that required authentication is present (but does not check scope levels as this will already have been handled by `tokenRequiresScopes()`)
  - Adds migration to convert old scoped access tokens to the new set of scopes
  - Updates the user interface for scope selection

  ### User interface example

  <img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM" src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
  <img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM" src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">

  ## tokenRequiresScopes Design Decision

  - `tokenRequiresScopes()` was added to more reliably cover api routes. For an incoming request, this function uses the given scope category (say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say `DELETE`) and verifies that any scoped tokens in use include `delete:organization`.
  - `reqToken()` is used to enforce auth for individual routes that require it. If a scoped token is not present for a request, `tokenRequiresScopes()` will not return an error

  ## TODO

  - [x] Alphabetize scope categories
  - [x] Change 'public repos only' to a radio button (private vs public). Also expand this to organizations
  - [X] Disable token creation if no scopes selected. Alternatively, show warning
  - [x] `reqToken()` is missing from many `POST/DELETE` routes in the api. `tokenRequiresScopes()` only checks that a given token has the correct scope, `reqToken()` must be used to check that a token (or some other auth) is present.
    - _This should be addressed in this PR_
  - [x] The migration should be reviewed very carefully in order to minimize access changes to existing user tokens.
    - _This should be addressed in this PR_
  - [x] Link to api to swagger documentation, clarify what read/write/delete levels correspond to
  - [x] Review cases where more than one scope is needed as this directly deviates from the api definition.
    - _This should be addressed in this PR_
    - For example:

  ```go
  m.Group("/users/{username}/orgs", func() {
      m.Get("", reqToken(), org.ListUserOrgs)
      m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
  }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization),
  context_service.UserAssignmentAPI())
  ```

  ## Future improvements

  - [ ] Add required scopes to swagger documentation
  - [ ] Redesign `reqToken()` to be opt-out rather than opt-in
  - [ ] Subdivide scopes like `repository`
  - [ ] Once a token is created, if it has no scopes, we should display text instead of an empty bullet point
  - [ ] If the 'public repos only' option is selected, should read categories be selected by default

  Closes #24501
  Closes #24799

  Co-authored-by: Jonathan Tran <jon@allspice.io>
  Co-authored-by: Kyle D <kdumontnu@gmail.com>
  Co-authored-by: silverwind <me@silverwind.io>
* Add user level action runners (#24995) | HesterG | 2023-05-31 | 1 | -1/+1

  Used similar logic to organization.

  <img width="1437" alt="Screen Shot 2023-05-30 at 10 18 06" src="https://github.com/go-gitea/gitea/assets/17645053/49f3800a-44ae-4188-b1e6-91d49e3d7868">
  <img width="1331" alt="Screen Shot 2023-05-30 at 10 31 18" src="https://github.com/go-gitea/gitea/assets/17645053/221b2068-e9b9-4e34-bb4a-d390594b2f35">
* Improve some Forms (#24878) | JakobDev | 2023-05-26 | 1 | -0/+1

  Don't really know a better name for this. I've gone through some Forms and added missing HTML attributes (mostly `maxlength`). I tried to fill the Forms with dummy Data and see if Gitea throws an Error (e.g. maximum length). If yes, I added the missing HTML attribute.

  While working on this, I discovered that the Form to add OAuth2 Apps just silently fails when filled with invalid data, so I fixed that too.
* Refactor rename user and rename organization (#24052) | Lunny Xiao | 2023-05-21 | 1 | -7/+8

  This PR is a refactor at the beginning. And now it did 4 things.

  - [x] Move renaming organization and user logics into services layer and merged as one function
  - [x] Support rename a user capitalization only. For example, rename the user from `Lunny` to `lunny`. We just need to change one table `user` and others should not be touched.
  - [x] Before this PR, some renaming were missed like `agit`
  - [x] Fix bug the API returned from `http.StatusNoContent` to `http.StatusOK`
* Some refactors for issues stats (#24793) | Lunny Xiao | 2023-05-19 | 1 | -16/+12

  This PR

  - [x] Move some functions from `issues.go` to `issue_stats.go` and `issue_label.go`
  - [x] Remove duplicated issue options `UserIssueStatsOption` to keep only one `IssuesOptions`
* Add Alpine package registry (#23714) | KN4CK3R | 2023-05-12 | 1 | -0/+22

  This PR adds an Alpine package registry. You can follow [this tutorial](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package) to build a *.apk package for testing.

  This functionality is similar to the Debian registry (#22854) and therefore shares some methods. I marked this PR as blocked because it should be merged after #22854.

  ![grafik](https://user-images.githubusercontent.com/1666336/227779595-b76163aa-eea1-4a79-9583-775c24ad74e8.png)

  ---------

  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
  Co-authored-by: silverwind <me@silverwind.io>
  Co-authored-by: Giteabot <teabot@gitea.io>
* Add Gitea Profile Readmes (#23260) | Nicholas Pease | 2023-05-09 | 1 | -0/+33

  Implements displaying a README.md file present in a user's ```.profile``` repository on the user's profile page. If no such repository/file is present, the user's profile page remains unchanged.

  Example of user with ```.profile/README.md```

  ![image](https://user-images.githubusercontent.com/34464552/222757202-5d53ac62-60d9-432f-b9e3-2537ffa91041.png)

  Example of user without ```.profile/README.md```

  ![image](https://user-images.githubusercontent.com/34464552/222759972-576e058b-acd4-47ac-be33-38a7cb58cc81.png)

  This pull request closes the feature request in #12233

  Special thanks to @techknowlogick for the help in the Gitea discord!

  ---------

  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
  Co-authored-by: Yarden Shoham <hrsi88@gmail.com>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
  Co-authored-by: yp05327 <576951401@qq.com>
  Co-authored-by: Yarden Shoham <git@yardenshoham.com>
* Split "modules/context.go" to separate files (#24569) | wxiaoguang | 2023-05-08 | 1 | -1/+1

  The "modules/context.go" is too large to maintain.

  This PR splits it to separate files, eg: context_request.go, context_response.go, context_serve.go

  This PR will help:

  1. The future refactoring for Gitea's web context (eg: simplify the context)
  2. Introduce proper "range request" support
  3. Introduce context function

  This PR only moves code, doesn't change any logic.
* Merge setting.InitXXX into one function with options (#24389) | Lunny Xiao | 2023-05-04 | 1 | -12/+15

  This PR will merge 3 Init functions on setting packages as 1 and introduce an options struct.
* Add Debian package registry (#24426) | KN4CK3R | 2023-05-02 | 1 | -6/+28

  Co-authored-by: @awkwardbunny

  This PR adds a Debian package registry. You can follow [this tutorial](https://www.baeldung.com/linux/create-debian-package) to build a *.deb package for testing. Source packages are not supported at the moment and I did not find documentation of the architecture "all" and how these packages should be treated.

  ![grafik](https://user-images.githubusercontent.com/1666336/218126879-eb80a866-775c-4c8e-8529-5797203a64e6.png)

  Part of #20751.

  Revised copy of #22854.

  ---------

  Co-authored-by: Brian Hong <brian@hongs.me>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
  Co-authored-by: Giteabot <teabot@gitea.io>
* Add follow organization and fix the logic of following page (#24345) | yp05327 | 2023-04-29 | 1 | -20/+21

  ![image](https://user-images.githubusercontent.com/18380374/234740589-066f2e5c-30c7-4fc3-a539-066100e1f138.png)
  ![image](https://user-images.githubusercontent.com/18380374/234740605-88efe55d-7eaa-422e-ab86-0b5a402ca11c.png)

  Maybe we can fix user card tmpl in #24319? Or maybe a list is better here

  ![image](https://user-images.githubusercontent.com/18380374/234451417-7f93df20-4b19-4abb-a62d-4c67e1aa2220.png)

  ---------

  Co-authored-by: silverwind <me@silverwind.io>
  Co-authored-by: Giteabot <teabot@gitea.io>
* Revert "Add Debian package registry" (#24412) | Yarden Shoham | 2023-04-28 | 1 | -28/+6

  Reverts go-gitea/gitea#22854
* Add Debian package registry (#22854) | KN4CK3R | 2023-04-28 | 1 | -6/+28

  Co-authored-by: @awkwardbunny

  This PR adds a Debian package registry. You can follow [this tutorial](https://www.baeldung.com/linux/create-debian-package) to build a *.deb package for testing. Source packages are not supported at the moment and I did not find documentation of the architecture "all" and how these packages should be treated.

  ---------

  Co-authored-by: Brian Hong <brian@hongs.me>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Fix unclear `IsRepositoryExist` logic (#24374) | wxiaoguang | 2023-04-28 | 1 | -1/+1

  There was only one `IsRepositoryExist` function, it did: `has && isDir`

  However it's not right, and it would cause 500 error when creating a new repository if the dir exists.

  Then, it was changed to `has || isDir`, it is still incorrect, it affects the "adopt repo" logic.

  To make the logic clear:

  * IsRepositoryModelOrDirExist
  * IsRepositoryModelExist
* Move secrets and runners settings to actions settings (#24200) | Hester Gong | 2023-04-27 | 1 | -36/+2

  This PR moves the secrets and runners settings to actions settings on all settings(repo,org,user,admin) levels.

  After this PR, if [ENABLED](https://github.com/go-gitea/gitea/blob/5e7543fcf441afb30aba6188edac754ef32b9ac3/custom/conf/app.example.ini#L2604) inside `app.ini` under `[actions]` is set to `false`, the "Actions" tab (including runners management and secrets management) will not be shown.

  After, the settings under actions settings for each level:

  1. Admin Level

     "Runners Management"

     <img width="1437" alt="Screen Shot 2023-04-26 at 14 34 20" src="https://user-images.githubusercontent.com/17645053/234489731-15822d21-38e1-4560-8bbe-69f122376abc.png">

  2. User Level

     "Secrets Management"

     <img width="1427" alt="Screen Shot 2023-04-26 at 14 34 30" src="https://user-images.githubusercontent.com/17645053/234489795-68c9c0cb-24f8-4f09-95c6-458ab914c313.png">

  3. Repo and Organization Levels

     "Runners Management" and "Secrets Management"

     Org:

     <img width="1437" alt="Screen Shot 2023-04-26 at 14 35 07" src="https://user-images.githubusercontent.com/17645053/234489996-f3af5ebb-d354-46ca-9087-a0b586845281.png">
     <img width="1433" alt="Screen Shot 2023-04-26 at 14 35 14" src="https://user-images.githubusercontent.com/17645053/234490004-3abf8fed-81fd-4ce2-837a-935dade1793d.png">

     Repo:

     <img width="1419" alt="Screen Shot 2023-04-26 at 14 34 50" src="https://user-images.githubusercontent.com/17645053/234489904-80c11038-4b58-462c-9d0b-8b7cf70bc2b3.png">
     <img width="1430" alt="Screen Shot 2023-04-26 at 14 34 57" src="https://user-images.githubusercontent.com/17645053/234489918-4e8d1fe2-9bcd-4d8a-96c1-238a8088d92e.png">

  It also finished these tasks :

  - [x] rename routers function "runners" to "actions", and refactor related file names
  - [x] check and modify part of the runners related functions to match their name
  - [x] Fix backend check caused by fmt check

  ---------

  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Refactor "route" related code, fix Safari cookie bug (#24330) | wxiaoguang | 2023-04-27 | 1 | -0/+50

  Fix #24176

  Clean some misuses of route package, clean some legacy FIXMEs

  ---------

  Co-authored-by: Giteabot <teabot@gitea.io>
* Only delete secrets belonging to its owner (#24284) | KN4CK3R | 2023-04-23 | 1 | -0/+2
* Fix unclear "Owner" concept (#24233) | wxiaoguang | 2023-04-20 | 2 | -2/+2

  Some user/org pages use `Owner` variable. It's an incorrect concept since year 2016: what is a user's owner? Actually, new code is right: use `ContextUser`.

  This PR cleans all legacy "Owner" variables.

  ## Screenshots for related pages and test results

  All pages are as before:

  ### `web/org/home.go`

  ![image](https://user-images.githubusercontent.com/2114189/233366687-a3643025-1f78-474d-a901-deea35b72f4d.png)

  ### `web/user/profile.go`

  ![image](https://user-images.githubusercontent.com/2114189/233366812-2e5c2fbc-3f78-44e7-88c1-ec2f612c241e.png)

  ### `web/user/setting/profile.go`

  ![image](https://user-images.githubusercontent.com/2114189/233366928-7a1e52c9-b400-4379-a4be-af06a853c5fa.png)
* Localize activity heatmap (except tooltip) (#24131) | Yarden Shoham | 2023-04-17 | 2 | -0/+2

  The calculation of the total sum is moved to the backend so a full HTML string could be sent.

  ![image](https://user-images.githubusercontent.com/20454870/232112381-c11d896b-ba47-40f8-b2a3-71cf4b3208de.png)

  - Closes #10669
  - 2nd attempt (the first was in #21570)

  ---------

  Signed-off-by: Yarden Shoham <git@yardenshoham.com>
  Co-authored-by: Giteabot <teabot@gitea.io>
* Add option to search for users is active join a team (#24093) | Tyrone Yeh | 2023-04-14 | 1 | -0/+1

  Adding a user in a team to enter a username gives a list of no active users

  ---------

  Co-authored-by: Jason Song <i@wolfogre.com>
* Fix profile page email display, respect settings (#23747) | wxiaoguang | 2023-03-27 | 1 | -1/+1

  Always respect the `setting.UI.ShowUserEmail` and `KeepEmailPrivate` setting.

  * It doesn't make sense to show user's own E-mail to themself.
  * Always hide the E-mail if KeepEmailPrivate=true, then the user could know how their profile page looks like for others.
  * Revert the `setting.UI.ShowUserEmail` change from #4981. This setting is used to control the E-mail display, not only for the user list page.

  ps: the incorrect `<div .../>` tag on the profile page has been fixed by #23748 together, so this PR becomes simpler.
* Fix pagination on `/notifications/watching` (#23564) | silverwind | 2023-03-20 | 1 | -1/+4

  The `q` parameter was not rendered in pagination links because `context.Pagination:AddParam` checks for existence of the parameter in `ctx.Data` where it was absent. Added the parameter there to fix it.
* add user rename endpoint to admin api (#22789) | techknowlogick | 2023-03-14 | 1 | -37/+15

  this is a simple endpoint that adds the ability to rename users to the admin API.

  Note: this is not in a mergeable state. It would be better if this was handled by a PATCH/POST to the /api/v1/admin/users/{username} endpoint and the username is modified.

  ---------

  Co-authored-by: Jason Song <i@wolfogre.com>
* Use context for `RepositoryList.LoadAttributes` (#23435) | yp05327 | 2023-03-13 | 1 | -1/+1
* Add missing tabs to org projects page (#22705) | yp05327 | 2023-03-10 | 2 | -0/+2

  Fixes https://github.com/go-gitea/gitea/issues/22676

  Context Data `IsOrganizationMember` and `IsOrganizationOwner` is used to control the visibility of `people` and `team` tab.

  https://github.com/go-gitea/gitea/blob/2871ea08096cba15546f357d0ec473734ee9d8be/templates/org/menu.tmpl#L19-L40

  And because of the reuse of user projects page, User Context is changed to Organization Context. But the value of `IsOrganizationMember` and `IsOrganizationOwner` are not being given.

  I reused func `HandleOrgAssignment` to add them to the ctx, but may have some unnecessary variables, idk whether it is ok.

  I found there is a missing `PageIsViewProjects` at create project page.
* Add user webhooks (#21563) | KN4CK3R | 2023-03-10 | 1 | -0/+48

  Currently we can add webhooks for organizations but not for users. This PR adds the latter. You can access it from the current users settings.

  ![grafik](https://user-images.githubusercontent.com/1666336/197391408-15dfdc23-b476-4d0c-82f7-9bc9b065988f.png)
* Set `X-Gitea-Debug` header once (#23361) | Yarden Shoham | 2023-03-08 | 1 | -1/+1

  Instead of adding it

  # Before

  On the raw commit page:

  ![image](https://user-images.githubusercontent.com/20454870/223470744-cdf11898-e023-4198-8c8b-c294e5d78b73.png)

  # After

  ![image](https://user-images.githubusercontent.com/20454870/223470596-af898d66-bd5b-4ddb-b220-ceb1f149bfec.png)

  Fixes #23308

  ---------

  Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
  Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Use context parameter in services/repository (#23186) | Jason Song | 2023-02-28 | 1 | -2/+2

  Use context parameter in `services/repository`.

  And use `cache.WithCacheContext(ctx)` to generate push action history feeds.

  Fix #23160
* Add "Reviewed by you" filter for pull requests (#22927) | Brecht Van Lommel | 2023-02-24 | 1 | -0/+4

  This includes pull requests that you approved, requested changes or commented on. Currently such pull requests are not visible in any of the filters on /pulls, while they may need further action like merging, or prodding the author or reviewers.

  Especially when working with a large team on a repository it's helpful to get a full overview of pull requests that may need your attention, without having to sift through the complete list.
* Add pagination for dashboard and user activity feeds (#22937) | Brecht Van Lommel | 2023-02-24 | 2 | -12/+47

  Previously only the last few activities were available. This works for all activity and for activity on a date chosen on the heatmap.
* Provide the ability to set password hash algorithm parameters (#22942) | zeripath | 2023-02-19 | 1 | -1/+1

  This PR refactors and improves the password hashing code within gitea and makes it possible for server administrators to set the password hashing parameters

  In addition it takes the opportunity to adjust the settings for `pbkdf2` in order to make the hashing a little stronger.

  The majority of this work was inspired by PR #14751 and I would like to thank @boppy for their work on this.

  Thanks to @gusted for the suggestion to adjust the `pbkdf2` hashing parameters.

  Close #14751

  ---------

  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: delvh <dev.lh@web.de>
  Co-authored-by: John Olheiser <john.olheiser@gmail.com>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Sort issues and pulls by recently updated in user and organization home (#22925) | Brecht Van Lommel | 2023-02-17 | 1 | -0/+5

  The main purpose of these home pages should be getting an overview of what's going on or needs attention. Recently updated is a better default than newest for that purpose, to avoid missing active issues and pulls that were not created recently.

  The default sorting order in repository issues and pulls remains newest. Repositories in an organization are already sorted by recently updated.

  ---------

  Co-authored-by: Jason Song <i@wolfogre.com>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add context cache as a request level cache (#22294) | Lunny Xiao | 2023-02-15 | 2 | -3/+3

  To avoid duplicated load of the same data in an HTTP request, we can set a context cache to do that. i.e. Some pages may load a user from a database with the same id in different areas on the same page. But the code is hidden in two different deep logic. How should we share the user? As a result of this PR, now if both entry functions accept `context.Context` as the first parameter and we just need to refactor `GetUserByID` to reuse the user from the context cache. Then it will not be loaded twice on an HTTP request.

  But of course, sometimes we would like to reload an object from the database, that's why `RemoveContextData` is also exposed.

  The core context cache is here. It defines a new context

  ```go
  type cacheContext struct {
      ctx  context.Context
      data map[any]map[any]any
      lock sync.RWMutex
  }

  var cacheContextKey = struct{}{}

  func WithCacheContext(ctx context.Context) context.Context {
      return context.WithValue(ctx, cacheContextKey, &cacheContext{
          ctx:  ctx,
          data: make(map[any]map[any]any),
      })
  }
  ```

  Then you can use the below 4 methods to read/write/del the data within the same context.

  ```go
  func GetContextData(ctx context.Context, tp, key any) any
  func SetContextData(ctx context.Context, tp, key, value any)
  func RemoveContextData(ctx context.Context, tp, key any)
  func GetWithContextCache[T any](ctx context.Context, cacheGroupKey string, cacheTargetID any, f func() (T, error)) (T, error)
  ```

  Then let's take a look at how `system.GetString` implements it.

  ```go
  func GetSetting(ctx context.Context, key string) (string, error) {
      return cache.GetWithContextCache(ctx, contextCacheKey, key, func() (string, error) {
          return cache.GetString(genSettingCacheKey(key), func() (string, error) {
              res, err := GetSettingNoCache(ctx, key)
              if err != nil {
                  return "", err
              }
              return res.SettingValue, nil
          })
      })
  }
  ```

  First, it will check if context data include the setting object with the key. If not, it will query from the global cache which may be memory or a Redis cache. If not, it will get the object from the database. In the end, if the object gets from the global cache or database, it will be set into the context cache.

  An object stored in the context cache will only be destroyed after the context disappeared.
* Fix improper HTMLURL usages in Go code (#22839) | wxiaoguang | 2023-02-11 | 2 | -2/+2

  In Go code, HTMLURL should be only used for external systems, like API/webhook/mail/notification, etc.

  If a URL is used by `Redirect` or rendered in a template, it should be a relative URL (aka `Link()` in Gitea)

  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add Chef package registry (#22554) | KN4CK3R | 2023-02-06 | 1 | -0/+22

  This PR implements a [Chef registry](https://chef.io/) to manage cookbooks. This package type was a bit complicated because Chef uses RSA signed requests as authentication with the registry.

  ![grafik](https://user-images.githubusercontent.com/1666336/213747995-46819fd8-c3d6-45a2-afd4-a4c3c8505a4a.png)
  ![grafik](https://user-images.githubusercontent.com/1666336/213748145-d01c9e81-d4dd-41e3-a3cc-8241862c3166.png)

  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* remove update language in ProfilePost (#22748) | yp05327 | 2023-02-06 | 1 | -4/+1

  Fixes https://github.com/go-gitea/gitea/issues/22703

  Change language has been moved to `UpdateUserLang`

  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add Cargo package registry (#21888) | KN4CK3R | 2023-02-05 | 1 | -0/+18

  This PR implements a [Cargo registry](https://doc.rust-lang.org/cargo/) to manage Rust packages. This package type was a little bit more complicated because Cargo needs an additional Git repository to store its package index.

  Screenshots:

  ![grafik](https://user-images.githubusercontent.com/1666336/203102004-08d812ac-c066-4969-9bda-2fed818554eb.png)
  ![grafik](https://user-images.githubusercontent.com/1666336/203102141-d9970f14-dca6-4174-b17a-50ba1bd79087.png)
  ![grafik](https://user-images.githubusercontent.com/1666336/203102244-dc05743b-78b6-4d97-998e-ef76341a978f.png)

  ---------

  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Improve error report when user passes a private key (#22726) | zeripath | 2023-02-02 | 1 | -0/+2

  The error reported when a user passes a private ssh key as their ssh public key is not very nice.

  This PR improves this slightly.

  Ref #22693

  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: delvh <dev.lh@web.de>
* Add main landmark to templates and adjust titles (#22670) | Felipe Leopoldo Sologuren Gutiérrez | 2023-02-01 | 6 | -9/+9

  * Add main aria landmark to templates
  * Adjust some titles to improve understanding of location in navigation

  Contributed by @Forgejo
* Add user secrets (#22191) | KN4CK3R | 2023-02-01 | 1 | -0/+45

  Fixes #22183
  Replaces #22187

  This PR adds secrets for users. I refactored the files for organizations and repos to use the same logic and templates. I split the secrets from deploy keys again and reverted the fix from #22187.

  ---------

  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Support org/user level projects (#22235) | Lunny Xiao | 2023-01-20 | 2 | -9/+10

  Fix #13405

  <img width="1151" alt="image" src="https://user-images.githubusercontent.com/81045/209442911-7baa3924-c389-47b6-b63b-a740803e640e.png">

  Co-authored-by: 6543 <6543@obermui.de>
* Support scoped access tokens (#20908) | Chongyi Zheng | 2023-01-17 | 1 | -2/+8

  This PR adds the support for scopes of access tokens, mimicking the design of GitHub OAuth scopes.

  The changes of the core logic are in `models/auth` that `AccessToken` struct will have a `Scope` field. The normalized (no duplication of scope), comma-separated scope string will be stored in `access_token` table in the database.

  In `services/auth`, the scope will be stored in context, which will be used by `reqToken` middleware in API calls. Only OAuth2 tokens will have granular token scopes, while others like BasicAuth will default to scope `all`.

  A large amount of work happens in `routers/api/v1/api.go` and the corresponding `tests/integration` tests, that is adding necessary scopes to each of the API calls as they fit.

  - [x] Add `Scope` field to `AccessToken`
  - [x] Add access control to all API endpoints
  - [x] Update frontend & backend for when creating tokens
  - [x] Add a database migration for `scope` column (enable 'all' access to past tokens)

  I'm aiming to complete it before Gitea 1.19 release.

  Fixes #4300
* Change use of Walk to WalkDir to improve disk performance (#22462) | Felipe Leopoldo Sologuren Gutiérrez | 2023-01-16 | 1 | -4/+4

  As suggested by Go developers, use `filepath.WalkDir` instead of `filepath.Walk` because [*Walk is less efficient than WalkDir, introduced in Go 1.16, which avoids calling `os.Lstat` on every file or directory visited](https://pkg.go.dev/path/filepath#Walk).

  This proposition addresses that, in a similar way as https://github.com/go-gitea/gitea/pull/22392 did.

  Co-authored-by: zeripath <art27@cantab.net>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Replace deprecated Webauthn library (#22400) | techknowlogick | 2023-01-11 | 1 | -2/+2

  Fix #22052

  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Improve utils of slices (#22379) | Jason Song | 2023-01-11 | 2 | -2/+2

  - Move the file `compare.go` and `slice.go` to `slice.go`.
  - Fix `ExistsInSlice`, it's buggy
    - It uses `sort.Search`, so it assumes that the input slice is sorted.
    - It passes `func(i int) bool { return slice[i] == target })` to `sort.Search`, that's incorrect, check the doc of `sort.Search`.
  - Combine `IsInt64InSlice(int64, []int64)` and `ExistsInSlice(string, []string)` to `SliceContains[T]([]T, T)`.
  - Combine `IsSliceInt64Eq([]int64, []int64)` and `IsEqualSlice([]string, []string)` to `SliceSortedEqual[T]([]T, T)`.
  - Add `SliceEqual[T]([]T, T)` as a distinction from `SliceSortedEqual[T]([]T, T)`.
  - Redesign `RemoveIDFromList([]int64, int64) ([]int64, bool)` to `SliceRemoveAll[T]([]T, T) []T`.
  - Add `SliceContainsFunc[T]([]T, func(T) bool)` and `SliceRemoveAllFunc[T]([]T, func(T) bool)` for general use.
  - Add comments to explain why not `golang.org/x/exp/slices`.
  - Add unit tests.
* fix: code search title translation (#22285) | John Olheiser | 2023-01-02 | 1 | -1/+1

  `code.title` isn't an existing translation.

  `explore.code` is the translation used for the tab, which I think matches closely enough for this instead of a brand new translation.

  Open to feedback on whether a new translation would be preferred instead.

  Signed-off-by: jolheiser <john.olheiser@gmail.com>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
  Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix key signature error page (#22229) | Gusted | 2022-12-30 | 1 | -3/+9

  - When the GPG key contains an error, such as an invalid signature or an email address that does not match the user. A page will be shown that says you must provide a signature for the token.
  - This page had two errors: one had the wrong translation key and the other tried to use an undefined variable [`.PaddedKeyID`](https://github.com/go-gitea/gitea/blob/e81ccc406bf723a5a58d685e7782f281736affd4/models/asymkey/gpg_key.go#L65-L72), which is a function implemented on the `GPGKey` struct, given that we don't have that, we use [`KeyID`](https://github.com/go-gitea/gitea/blob/e81ccc406bf723a5a58d685e7782f281736affd4/routers/web/user/setting/keys.go#L102) which is [the fingerprint of the publickey](https://pkg.go.dev/golang.org/x/crypto/openpgp/packet#PublicKey.KeyIdString) and is a valid way for opengpg to refer to a key.

  Before:

  ![image](https://user-images.githubusercontent.com/25481501/209404800-0e7c39ce-861a-455b-b234-62498d750aa8.png)

  After:

  ![image](https://user-images.githubusercontent.com/25481501/209404821-c70f81c6-fd10-4197-ab58-61cb9fc873d8.png)

  Co-authored-by: zeripath <art27@cantab.net>
* Move `convert` package to services (#22264) | KN4CK3R | 2022-12-29 | 2 | -2/+2

  Addition to #22256

  The `convert` package relies heavily on different models which is [disallowed by our definition of modules](https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md#design-guideline). This helps to prevent possible import cycles.

  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>