path: root/routers/web
Commit message | Author | Age | Files | Lines
* Fix get reviewers' bug (#32415) (#32616) | Lunny Xiao | 2024-11-23 | 1 | -4/+3
  This PR rewrites `GetReviewer` function and move it to service layer.
  Reviewers should not be watchers, so that this PR removed all watchers from reviewers. When the repository is under an organization, the pull request unit read permission will be checked to resolve the bug of Fix #32394
  Backport #32415
* Support HTTP POST requests to `/userinfo`, aligning to OpenID Core specification (#32578) (#32594) | Lunny Xiao | 2024-11-21 | 1 | -1/+1
* Refactor find forks and fix possible bugs that weak permissions check (#32528) (#32547) | Lunny Xiao | 2024-11-19 | 1 | -12/+12
  Backport #32528
  - Move models/GetForks to services/FindForks
  - Add doer as a parameter of FindForks to check permissions
  - Slight performance optimization for get forks API with batch loading of repository units
  - Add tests for forking repository to organizations

  ---------
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Refactor push mirror find and add check for updating push mirror (#32539) (#32549) | Lunny Xiao | 2024-11-18 | 1 | -36/+15
  backport #32539

  ---------
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix oauth2 error handle not return immediately (#32514) (#32516) | Giteabot | 2024-11-15 | 1 | -0/+2
  Backport #32514 by lunny
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix `missing signature key` error when pulling Docker images with `SERVE_DIRECT` enabled (#32365) (#32397) | Zettat123 | 2024-11-01 | 5 | -5/+5
  Backport #32365
  Fix #28121

  I did some tests and found that the `missing signature key` error is caused by an incorrect `Content-Type` header. Gitea correctly sets the `Content-Type` header when serving files.
  https://github.com/go-gitea/gitea/blob/348d1d0f322ca57c459acd902f54821d687ca804/routers/api/packages/container/container.go#L712-L717

  However, when `SERVE_DIRECT` is enabled, the `Content-Type` header may be set to an incorrect value by the storage service. To fix this issue, we can use query parameters to override response header values.
  https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
  <img width="600px" src="https://github.com/user-attachments/assets/f2ff90f0-f1df-46f9-9680-b8120222c555" />

  In this PR, I introduced a new parameter to the `URL` method to support additional parameters.
  ```
  URL(path, name string, reqParams url.Values) (*url.URL, error)
  ```
* Respect UI.ExploreDefaultSort setting again (#32357) (#32385) | 6543 | 2024-10-31 | 2 | -2/+4
  Backport #32357
  fix regression of https://github.com/go-gitea/gitea/pull/29430

  ---
  *Sponsored by Kithara Software GmbH*
* Fix disable 2fa bug (#32320) (#32330) | Lunny Xiao | 2024-10-25 | 1 | -3/+6
  Backport #32320
* Fix the permission check for user search API and limit the number of returned users for `/user/search` (#32310) | Zettat123 | 2024-10-23 | 2 | -23/+10
  Partially backport #32288

  ---------
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Make `owner/repo/pulls` handlers use "PR reader" permission (#32254) (#32265) | wxiaoguang | 2024-10-15 | 1 | -26/+29
  Backport #32254 (no conflict)
* Fix javascript error when an anonymous user visiting migration page (#32144) (#32179) | Lunny Xiao | 2024-10-04 | 3 | -54/+45
  backport #32144
  This PR fixes javascript errors when an anonymous user visits the migration page. It also makes task view checking more restrictive. The router moved from `/user/task/{id}/status` to `/username/reponame/-/migrate/status` because it's a migrate status.
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Allow set branch protection in an empty repository (#32095) (#32119) | Giteabot | 2024-09-24 | 1 | -1/+1
  Backport #32095 by @lunny
  Resolve #32093
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix Bug in Issue/pulls list (#32081) (#32115) | Giteabot | 2024-09-24 | 1 | -0/+1
* Fix rename branch permission bug (#32066) (#32108) | Giteabot | 2024-09-22 | 1 | -2/+1
  Backport #32066 by @lunny
  The previous implementation requires admin permission to rename branches which should be write permission.
  Fix #31993
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix wrong last modify time (#32102) (#32104) | Giteabot | 2024-09-22 | 1 | -1/+2
  Backport #32102 by @lunny
  Fix #31930 and more places which use `http.TimeFormat` wrongly.
  `http.TimeFormat` requires a UTC time. refer to https://pkg.go.dev/net/http#TimeFormat
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor CSRF protector (#32057) (#32069) | wxiaoguang | 2024-09-18 | 1 | -0/+2
  #32057 improves the CSRF handling and is worth to backport
* Fix sort order for organization home and user profile page (#31921) (#31922) | yp05327 | 2024-09-02 | 2 | -0/+8
  Backport #31921
* Fix search team (#31923) (#31942) | Giteabot | 2024-08-30 | 1 | -1/+6
  Backport #31923 by @lunny
  Fix #20658
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Don't return 500 if mirror url contains special chars (#31859) (#31895) | Lunny Xiao | 2024-08-22 | 1 | -2/+4
  Backport #31859
* add CfTurnstileSitekey context data to all captcha templates (#31874) (#31876) | Giteabot | 2024-08-20 | 2 | -0/+4
  Backport #31874 by @bohde
  In the OpenID flows, the "CfTurnstileSitekey" wasn't populated, which caused those flows to fail if using Turnstile as the Captcha implementation.
  This adds the missing context variables, allowing Turnstile to be used in the OpenID flows.
  Co-authored-by: Rowan Bohde <rowan.bohde@gmail.com>
* Fix raw wiki links (#31825) (#31845) | Giteabot | 2024-08-17 | 2 | -10/+68
  Backport #31825 by @Zettat123
  Fix #31395

  This regression is introduced by #30273. To find out how GitHub handles this case, I did [some tests](https://github.com/go-gitea/gitea/issues/31395#issuecomment-2278929115).

  I use redirect in this PR instead of checking if the corresponding `.md` file exists when rendering the link because GitHub also uses redirect. With this PR, there is no need to resolve the raw wiki link when rendering a wiki page. If a wiki link points to a raw file, access will be redirected to the raw link.

  ---------
  Co-authored-by: Zettat123 <zettat123@gmail.com>
  Co-authored-by: yp05327 <576951401@qq.com>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Avoid returning without written ctx when posting PR (#31843) (#31848) | Giteabot | 2024-08-16 | 1 | -4/+10
  Backport #31843 by @wolfogre
  Fix #31625.

  If `pull_service.NewPullRequest` return an error which misses each `if` check, `CompareAndPullRequestPost` will return immediately, since it doesn't write the HTTP response, a 200 response with empty body will be sent to clients.

  ```go
  if err := pull_service.NewPullRequest(ctx, repo, pullIssue, labelIDs, attachments, pullRequest, assigneeIDs); err != nil {
  	if repo_model.IsErrUserDoesNotHaveAccessToRepo(err) {
  		ctx.Error(http.StatusBadRequest, "UserDoesNotHaveAccessToRepo", err.Error())
  	} else if git.IsErrPushRejected(err) {
  		// ...
  		ctx.JSONError(flashError)
  	} else if errors.Is(err, user_model.ErrBlockedUser) {
  		// ...
  		ctx.JSONError(flashError)
  	} else if errors.Is(err, issues_model.ErrMustCollaborator) {
  		// ...
  		ctx.JSONError(flashError)
  	}
  	return
  }
  ```

  Not sure what kind of error can cause it to happen, so this PR just expose it. And we can fix it when users report that creating PRs failed with error responses.

  It's all my guess since I cannot reproduce the problem, but even if it's not related, the code here needs to be improved.
  Co-authored-by: Jason Song <i@wolfogre.com>
* Add missing repository type filter parameters to pager (#31832) (#31837) | Giteabot | 2024-08-16 | 4 | -0/+61
  Backport #31832 by @yp05327
  Fix #31807
  ps: the newly added params's value will be changed. When the first time you selected the filter, the values of params will be `0` or `1` But in pager it will be `true` or `false`. So do we have `boolToInt` function?
  Co-authored-by: yp05327 <576951401@qq.com>
* Show lock owner instead of repo owner on LFS setting page (#31788) (#31817) | Giteabot | 2024-08-11 | 1 | -0/+5
  Backport #31788 by @wolfogre
  Fix #31784.
  Before: <img width="1648" alt="image" src="https://github.com/user-attachments/assets/03f32545-4a85-42ed-bafc-2b193a5d8023">
  After: <img width="1653" alt="image" src="https://github.com/user-attachments/assets/e5bcaf93-49cb-421f-aac1-5122bc488b02">
  Co-authored-by: Jason Song <i@wolfogre.com>
* Fix wiki revision pagination (#31760) (#31772) | Giteabot | 2024-08-04 | 1 | -0/+1
  Backport #31760 by @lunny
  Fix #31755
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix the display of project type for deleted projects (#31732) (#31734) | Giteabot | 2024-07-30 | 1 | -1/+1
  Backport #31732 by @yp05327
  Fix: #31727
  After: ![image](https://github.com/user-attachments/assets/1dfb4b31-3bd6-47f7-b126-650f33f453e2)
  Co-authored-by: yp05327 <576951401@qq.com>
* Add permission check when creating PR (#31033) (#31720) | yp05327 | 2024-07-29 | 1 | -0/+10
  Backport #31033
  user should be a collaborator of the base repo to create a PR
* Fix rendered wiki page link (#31398) (#31407) | wxiaoguang | 2024-06-19 | 3 | -7/+7
  Backport #31398
  Fix #31395
* Allow downloading attachments of draft releases (#31369) (#31380) | Giteabot | 2024-06-16 | 1 | -2/+3
  Backport #31369 by Zettat123
  Fix #31362
  Co-authored-by: Zettat123 <zettat123@gmail.com>
* Remove sub-path from container registry realm (#31293) (#31300) | Giteabot | 2024-06-10 | 1 | -1/+7
  Backport #31293 by wxiaoguang
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix Activity Page Contributors dropdown (#31264) (#31269) | Giteabot | 2024-06-06 | 1 | -6/+0
  Backport #31264 by wxiaoguang
  Fix #31261
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix agit checkout command line hint & fix ShowMergeInstructions checking (#31219) (#31222) | Giteabot | 2024-06-03 | 1 | -7/+8
  Backport #31219 by @lunny
  Fix #31135
  Before <img width="527" alt="image" src="https://github.com/go-gitea/gitea/assets/81045/60c07b55-3db2-4a9a-98f1-0eb72d149df2">
  After <img width="664" alt="image" src="https://github.com/go-gitea/gitea/assets/81045/0670ff5d-9e0b-47ac-aba4-9db9131de3b3">
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Ignore FindRecentlyPushedNewBranches err (#31164) (#31171) | wxiaoguang | 2024-05-30 | 1 | -2/+1
  Backport #31164
* Fix markup preview (#31158) (#31166) | Giteabot | 2024-05-30 | 1 | -2/+3
  Backport #31158 by @wxiaoguang
  Fix #31157
  After: ![image](https://github.com/go-gitea/gitea/assets/2114189/4d918cce-cd0d-4601-9c81-4b32df1b0b38)
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add an immutable tarball link to archive download headers for Nix (#31139) (#31145) | Giteabot | 2024-05-29 | 1 | -0/+6
  Backport #31139 by @Mic92

  This allows `nix flake metadata` and nix in general to lock a *branch* tarball link in a manner that causes it to fetch the correct commit even if the branch is updated with a newer version.

  For further context, Nix flakes are a feature that, among other things, allows for "inputs" that are "github:someuser/somerepo", "https://some-tarball-service/some-tarball.tar.gz", "sourcehut:~meow/nya" or similar. This feature allows our users to fetch tarballs of git-based inputs to their builds rather than using git to fetch them, saving significant download time.

  There is presently no gitea or forgejo specific fetcher in Nix, and we don't particularly wish to have one. Ideally (as a developer on a Nix implementation myself) we could just use the generic tarball fetcher and not add specific forgejo support, but to do so, we need additional metadata to know which commit a given *branch* tarball represents, which is the purpose of the Link header added here.

  The result of this patch is that a Nix user can specify `inputs.something.url = "https://forgejo-host/some/project/archive/main.tar.gz"` in flake.nix and get a link to some concrete tarball for the actual commit in the lock file, then when they run `nix flake update` in the future, they will get the latest commit in that branch.

  Example of it working locally:

  ```
  » nix flake metadata --refresh 'http://localhost:3000/api/v1/repos/jade/cats/archive/main.tar.gz?dir=configs/nix'
  Resolved URL:  http://localhost:3000/api/v1/repos/jade/cats/archive/main.tar.gz?dir=configs/nix
  Locked URL:    http://localhost:3000/api/v1/repos/jade/cats/archive/804ede182b6b66469b23ea4d21eece52766b7a06.tar.gz?dir=configs/nix&narHash=sha256-yP7KkDVfuixZzs0fsqhSETXFC0y8m6nmPLw2GrAMxKQ%3D
  Description:   Computers with the nixos
  Path:          /nix/store/s856c6yqghyan4v0zy6jj19ksv0q22nx-source
  Revision:      804ede182b6b66469b23ea4d21eece52766b7a06
  Last modified: 2024-05-02 00:48:32
  ```

  For details on the header value, see: https://github.com/nixos/nix/blob/56763ff918eb308db23080e560ed2ea3e00c80a7/doc/manual/src/protocols/tarball-fetcher.md

  Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
  Co-authored-by: Jade Lovelace <software@lfcode.ca>
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add missed return after `ctx.ServerError` (#31130) (#31133) | Giteabot | 2024-05-28 | 4 | -0/+4
  Backport #31130 by @lunny
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix possible ui 500 if workflow's job is nil (#31092) (#31098) | Giteabot | 2024-05-27 | 1 | -0/+8
  Backport #31092 by @lunny
  Fix #31087
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix `View File` button link if branch deleted on pull request files pages (#31063) (#31077) | Giteabot | 2024-05-26 | 1 | -1/+1
* Fix wrong display of recently pushed notification (#25812) (#31043) | yp05327 | 2024-05-23 | 1 | -7/+19
  Backport #25812
  ~~ps: removed some new codes in `tests/integration/pull_merge_test.go`~~

  ---------
  Co-authored-by: silverwind <me@silverwind.io>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* use existing oauth grant for public client (#31015) (#31042) | Giteabot | 2024-05-21 | 1 | -2/+17
  Backport #31015 by @denyskon
  Do not try to create a new authorization grant when one exists already, thus preventing a DB-related authorization issue.
  Fix https://github.com/go-gitea/gitea/pull/30790#issuecomment-2118812426
  Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor sha1 and time-limited code (#31023) (#31030) | Giteabot | 2024-05-21 | 1 | -1/+1
  Backport #31023 by wxiaoguang
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Return `access_denied` error when an OAuth2 request is denied (#30974) (#31029) | Giteabot | 2024-05-20 | 1 | -0/+10
  Backport #30974 by Zettat123
  Co-authored-by: Zettat123 <zettat123@gmail.com>
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Fix "force private" logic (#31012) (#31021) | Giteabot | 2024-05-20 | 1 | -1/+1
  Backport #31012 by wxiaoguang
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Improve reverse proxy documents and clarify the AppURL guessing behavior (#31003) (#31020) | Giteabot | 2024-05-19 | 1 | -1/+1
  Backport #31003 by wxiaoguang
  Fix #31002
  1. Mention Make sure `Host` and `X-Fowarded-Proto` headers are correctly passed to Gitea
  2. Clarify the basic requirements and move the "general configuration" to the top
  3. Add a comment for the "container registry"
  4. Use 1.21 behavior if the reverse proxy is not correctly configured

  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Move reverproxyauth before session so the header will not be ignored even if user has login (#27821) (#30948) | Giteabot | 2024-05-12 | 1 | -6/+6
  Backport #27821 by @lunny
  When a user logout and then login another user, the reverseproxy auth should be checked before session otherwise the old user is still login.
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Check if reverse proxy is correctly configured (#30890) (#30935) | Giteabot | 2024-05-10 | 3 | -0/+37
  Backport #30890 by wxiaoguang
  Follow #27011
  Follow #30885
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
  Co-authored-by: silverwind <me@silverwind.io>
* Fix misspelling of mergable (#30896) (#30905) | Giteabot | 2024-05-08 | 1 | -2/+2
  Backport #30896 by @yp05327
  https://github.com/go-gitea/gitea/pull/25812#issuecomment-2099833692
  Follow #30573
  Co-authored-by: yp05327 <576951401@qq.com>
* Fix various problems around projects board view (#30696) (#30902) | Giteabot | 2024-05-08 | 5 | -83/+68
  Backport #30696 by @lunny

  # The problem
  The previous implementation will start multiple POST requests from the frontend when moving a column and another bug is moving the default column will never be remembered in fact.

  # What's changed
  - [x] This PR will allow the default column to move to a non-first position
  - [x] And it also uses one request instead of multiple requests when moving the columns
  - [x] Use a star instead of a pin as the icon for setting the default column action
  - [x] Inserted new column will be append to the end
  - [x] Fix #30701 the newly added issue will be append to the end of the default column
  - [x] Fix when deleting a column, all issues in it will be displayed from UI but database records exist.
  - [x] Add a limitation for columns in a project to 20. So the sorting will not be overflow because it's int8.

  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
  Co-authored-by: silverwind <me@silverwind.io>
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix wrong transfer hint (#30889) (#30900) | Giteabot | 2024-05-08 | 1 | -2/+8
  Backport #30889 by @lunny
  Fix #30187
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor AppURL usage (#30885) (#30891) | wxiaoguang | 2024-05-08 | 1 | -1/+1
  Backport #30885
  Fix #30883
  Fix #29591
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>