aboutsummaryrefslogtreecommitdiffstats
path: root/routers
Commit message (Collapse)AuthorAgeFilesLines
...
* Support pagination of organizations on user settings pages (#16083)Lunny Xiao2021-11-223-12/+42
| | | | | | * Add pagination for user setting orgs * Use FindOrgs instead of GetOrgsByUserID * Remove unnecessary functions and fix test * remove unnecessary code
* Make `bind` error more readable (#17750)Gusted2021-11-221-1/+2
| | | | | - Add the related fieldNames into the response JSON, such that the developer can figure out what's going on. - Related: https://github.com/go-gitea/gitea/issues/17126#issuecomment-937848295
* Fix navbar on project view (#17749)Gusted2021-11-221-1/+1
| | | - Shows that the project nav item is active when you're viewing a project.
* Allow Loading of Diffs that are too large (#17739)zeripath2021-11-223-19/+51
| | | | | | | | | | | * Allow Loading of Diffs that are too large This PR allows the loading of diffs that are suppressed because the file is too large. It does not handle diffs of files which have lines which are too long. Fix #17738 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix close issue but time watcher still running (#17643)Lunny Xiao2021-11-211-2/+3
| | | | | | | | | | | | | * Fix close issue but time watcher still running * refactor stopwatch codes * Fix test * Fix test * Fix typo * Fix test
* Reset locale on login (#17734)zeripath2021-11-201-0/+4
| | | | | | | | | When logging in reset the user's locale to ensure that it matches their preferred locale. Fix #15612 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Extract constant names out for the ReverseProxy and Basic authentication ↵zeripath2021-11-201-1/+1
| | | | | | | | | methods (#17735) In order to reduce load on the GC extract out the constant names of the Basic and ReverseProxy methods. As mentioned in https://github.com/go-gitea/gitea/pull/15119#discussion_r730352176 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Use `hostmatcher` to replace `matchlist`, improve security (#17605)wxiaoguang2021-11-203-9/+3
| | | | | Use hostmacher to replace matchlist. And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
* Allow Token API calls be authorized using the reverse-proxy header (#15119)Paweł Bogusławski2021-11-191-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * API calls authorized with HTTP header This mod allows API calls to be authorized with HTTP header when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled. Without it user authenticated by reverse proxy is able to access gitea UI but not API which is inconsistent. Author-Change-Id: IB#1107572 * Fixed API calls authorized with HTTP header Only reqBasicAuth is modified to allow reverse proxy auth as alternative and reqToken is left untouched. Fixes: dc952c063206d11504085ddea966f121e796a04c Author-Change-Id: IB#1107572 * Reverse proxy API auth separated in docs Related: https://github.com/go-gitea/gitea/pull/15119#discussion_r621322127 Author-Change-Id: IB#1107572 * Reverse proxy API auth separated in docs Related: https://github.com/go-gitea/gitea/pull/15119#discussion_r621322127 Author-Change-Id: IB#1107572 * Reverse proxy API auth separated Related: https://github.com/go-gitea/gitea/pull/15119#discussion_r621322127 Author-Change-Id: IB#1107572 * ReverseProxyAuth removed from swagger ReverseProxyAuth removed from swagger as in upstream's suggestion. Related: https://github.com/go-gitea/gitea/pull/15119#pullrequestreview-692180940 Author-Change-Id: IB#1107572 * ReverseProxyAuth API authorization fixed Related: https://github.com/go-gitea/gitea/pull/15119#issuecomment-868465099 Author-Change-Id: IB#1107572 * ReverseProxyAuth API authorization fixed Related: https://github.com/go-gitea/gitea/pull/15119#issuecomment-868465099 Author-Change-Id: IB#1107572
* Move attachment into models/repo/ (#17650)Lunny Xiao2021-11-194-17/+21
| | | | | | | * Move attachment into models/repo/ * Fix test * Fix bug
* Use a standalone struct name for Organization (#17632)Lunny Xiao2021-11-1924-60/+66
| | | | | | | | | | | | | | | | | | | | | * Use a standalone struct name for Organization * recover unnecessary change * make the code readable * Fix template failure * Fix template failure * Move HasMemberWithUserID to org * Fix test * Remove unnecessary user type check * Fix test Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Remove unused `user` paramater (#17723)Gusted2021-11-191-3/+3
| | | | | As title
* Move user/org deletion to services (#17673)KN4CK3R2021-11-195-8/+12
|
* Add pagination to fork list (#17639)Gusted2021-11-181-2/+13
| | | | | - Resolves #14574 - Adds the necessary code to have pagination working in the forks list of a repo. The code is mostly in par with the stars/watcher implementation.
* Move task from modules to services (#17680)Lunny Xiao2021-11-182-2/+2
|
* Move user functions into user.go (#17659)Lunny Xiao2021-11-182-7/+7
| | | | | * Move user functions into user.go * Fix test
* Remove unnecessary variable assignments (#17695)Gusted2021-11-181-1/+0
| | | | | | | | | | * Remove unnecessary variable assignments As title * enable ineffassign Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fixed commit count. (#17698)KN4CK3R2021-11-173-15/+12
| | | | Added "Tag" label. Unified branch, tag and commit name.
* Add .gitattribute assisted language detection to blame, diff and render (#17590)zeripath2021-11-172-2/+54
| | | | | | | Use check attribute code to check the assigned language of a file and send that in to chroma as a hint for the language of the file. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Return 400 but not 500 when request archive with wrong format (#17691)Lunny Xiao2021-11-171-1/+5
|
* Move some functions into services/repository (#17677)Lunny Xiao2021-11-173-10/+9
|
* A better go code formatter, and now `make fmt` can run in Windows (#17684)wxiaoguang2021-11-175-3/+6
| | | | * go build / format tools * re-format imports
* Move user follow and openid into models/user/ (#17613)Lunny Xiao2021-11-175-19/+22
| | | | | | | | | | | | | | | | | | | | | | | * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint * Move user follow and openid into models/user * Ignore the lint * Ignore the lint * Fix test * ignore stutters lint on UserOpenID
* Allow admins to change user avatars (#17661)qwerty2872021-11-162-0/+33
| | | | | | | Adds the avatar change panel to the edit user page (bottom) and allows admins to change it this way Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: zeripath <art27@cantab.net>
* Multiple Escaping Improvements (#17551)zeripath2021-11-1634-200/+351
| | | | | | | | | | | | | | There are multiple places where Gitea does not properly escape URLs that it is building and there are multiple places where it builds urls when there is already a simpler function available to use this. This is an extensive PR attempting to fix these issues. 1. The first commit in this PR looks through all href, src and links in the Gitea codebase and has attempted to catch all the places where there is potentially incomplete escaping. 2. Whilst doing this we will prefer to use functions that create URLs over recreating them by hand. 3. All uses of strings should be directly escaped - even if they are not currently expected to contain escaping characters. The main benefit to doing this will be that we can consider relaxing the constraints on user names and reponames in future. 4. The next commit looks at escaping in the wiki and re-considers the urls that are used there. Using the improved escaping here wiki files containing '/'. (This implementation will currently still place all of the wiki files the root directory of the repo but this would not be difficult to change.) 5. The title generation in feeds is now properly escaped. 6. EscapePound is no longer needed - urls should be PathEscaped / QueryEscaped as necessary but then re-escaped with Escape when creating html with locales Signed-off-by: Andrew Thornton <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move migrations into services and base into modules/migration (#17663)Lunny Xiao2021-11-165-6/+6
| | | | | | | * Move migrtions into services and base into modules/migration * Fix imports * Fix lint
* Move some functions into services/repository (#17660)Lunny Xiao2021-11-167-15/+14
|
* Decouple unit test, remove intermediate `unittestbridge` package (#17662)wxiaoguang2021-11-167-33/+26
| | | Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix nil checking on typed interface (#17598)Gusted2021-11-151-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | * Fix nil checking on typed interface - Partially resoles #17596 - Resolves SA4023 errors. - Ensure correctly that typed interface are nil. * Remove unnecessary code `NewBleveIndexer` will never return nil, even on errors. * Patch `NewBleveIndexer` * Fix low-level functions * Remove deadcode * Fix GetSession * Close Elastic search when err isn't nil * Update elastic_search.go Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Remove unnecassary calls to `filepath.Join` (#17608)Gusted2021-11-152-2/+2
| | | | | | | | | | | - Partialy resolvess #17596 - Resolves `badCall` errors from go-critic `badCall: suspicious Join on 1 argument` - When only 1 argument is passed into `filepath.Join`, it won't do anything special other than `filepath.Clean(...)` will be applied over it. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
* Correctly handle failed migrations (#17575)zeripath2021-11-132-0/+14
| | | | | | | | | | | | | | * Correctly handle failed migrations There is a bug in handling failed migrations whereby the migration task gets decoupled from the migration repository. This leads to a failure of the task to get deleted with the repository and also leads to the migration failed page resulting in a ISE. This PR removes the zeroing out of the task id from the migration but also makes the migration handler tolerate missing tasks much nicer. Fix #17571 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Decouple unit test code from business code (#17623)wxiaoguang2021-11-1217-62/+69
|
* Move EmailAddress & UserRedirect into models/user/ (#17607)Lunny Xiao2021-11-1111-44/+54
| | | | | | | | | | | | | | | | | | | | | * Move EmailAddress into models/user/ * Fix test * rename user_mail to user_email * Fix test * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint
* Refactor commentTags functionality (#17558)Gusted2021-11-111-35/+43
| | | | | | | | | | | | | | | | | | | | | | | | * feat: Allow multiple tags on comments - Allow for multiples tags(Currently Poster + {Owner, Writer}). - Utilize the Poster tag within the commentTag function and remove the checking from templates. - Use bitwise on CommentTags to enable specific tags. - Don't show poster tag(view_content.tmpl) on the initial issue comment. * Change parameters naming * Change function name * refactor variable wording * Merge 'master' branch into 'tags-comments' branch * Change naming * `tag` -> `role` Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Move oauth2 error to oauth2 service package (#17603)Lunny Xiao2021-11-111-2/+1
|
* Fix 500 when a comment was deleted which has a notification (#17550)Lunny Xiao2021-11-102-3/+3
| | | | | | | | | | * Fix 500 when a comment was deleted which has a notification * Tolerate missing Comment in other places too Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Move webhook into models/webhook/ (#17579)Lunny Xiao2021-11-107-188/+193
|
* Move unit into models/unit/ (#17576)Lunny Xiao2021-11-0929-236/+263
| | | | | * Move unit into models/unit/ * Rename unit.UnitType as unit.Type
* tune sqlite3 message (#17601)wxiaoguang2021-11-091-2/+2
|
* Fix 500 when review pull request with anonymous (#17594)Lunny Xiao2021-11-091-1/+5
|
* Fix bug on detect issue/comment writer (#17591)Lunny Xiao2021-11-091-1/+1
|
* Allow U2F 2FA without TOTP (#11573)Kamil Domański2021-11-082-25/+44
| | | | | | | This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495
* Avoid double imports (#17569)Gusted2021-11-081-2/+1
| | | | | Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix bug on admin subcommand (#17533)Lunny Xiao2021-11-071-2/+2
| | | | | | | * Fix bug on admin subcommand * Add signals for all initDB Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix ipv6 parsing for builtin ssh server (#17561)Wim2021-11-061-1/+5
|
* Hide label comments if labels were added and removed immediately (#17455)qwerty2872021-11-042-12/+87
| | | | | | | | | | | * Hide label comments if labels were added and removed immediately * Add comment and rename var * Fix unit test * Add test case Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Simplify Gothic to use our session store instead of creating a different ↵zeripath2021-11-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | store (#17507) * Simplify Gothic to use our session store instead of creating a different store We have been using xormstore to provide a separate session store for our OAuth2 logins however, this relies on using gorilla context and some doubling of our session storing. We can however, simplify and simply use our own chi-based session store. Thus removing a cookie and some of the weirdness with missing contexts. Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net> * Handle MaxTokenLength Signed-off-by: Andrew Thornton <art27@cantab.net> * oops Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
* Stop double encoding blame commit messages (#17498)zeripath2021-10-311-2/+1
| | | | | | | | | | | The call to html.EscapeString in routers/web/repo/blame.go:renderBlame is extraneous as the commit message is now rendered by the template. The template will correctly escape strings - therefore we are currently double escaping. This PR fixes this. Fix #17492 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Properly determine CSV delimiter (#17459)Richard Mahn2021-10-301-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fixes #16558 CSV delimiter determiner * Fixes #16558 - properly determine CSV delmiiter * Moves quoteString to a new function * Adds big test with lots of commas for tab delimited csv * Adds comments * Shortens the text of the test * Removes single quotes from regexp as only double quotes need to be searched * Fixes spelling * Fixes check of length as it probalby will only be 1e4, not greater * Makes sample size a const, properly removes truncated line * Makes sample size a const, properly removes truncated line * Fixes comment * Fixes comment * tests for FormatError() function * Adds logic to find the limiter before or after a quoted value * Simplifies regex * Error tests * Error tests * Update modules/csv/csv.go Co-authored-by: delvh <dev.lh@web.de> * Update modules/csv/csv.go Co-authored-by: delvh <dev.lh@web.de> * Adds comments * Update modules/csv/csv.go Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de>
* Rename db Engines related functions (#17481)Lunny Xiao2021-10-302-2/+2
| | | | | * Rename db Engines related functions Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-16 20:36:43 +0000