path: root/routers
Commit message | Author | Age | Files | Lines
* Fix comment permissions (#28213) (#28217) | Lunny Xiao | 2023-11-26 | 17 | -43/+217
  backport #28213
  This PR will fix some missed checks for private repositories' data on web routes and API routes.
* Dont leak private users via extensions (#28023) (#28028) | Giteabot | 2023-11-14 | 1 | -0/+5
  Backport #28023 by @6543
  there was no check in place if a user could see another user, if you append e.g. `.rss`
* Unify two factor check (#27915) (#27939) | KN4CK3R | 2023-11-06 | 1 | -11/+0
  Backport of #27915
  Fixes #27819
  We have support for two factor logins with the normal web login and with basic auth. For basic auth the two factor check was implemented at three different places and you need to know that this check is necessary. This PR moves the check into the basic auth itself.
* Fix http protocol auth (#27875) (#27878) | Lunny Xiao | 2023-11-02 | 4 | -14/+46
  backport #27875
* Fix org team endpoint (#27721) (#27729) | Giteabot | 2023-10-22 | 1 | -4/+4
  Backport #27721 by @lng2020
  Fix #27711
  Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
* Fix 404 when deleting Docker package with an internal version (#27615) (#27629) | Giteabot | 2023-10-15 | 1 | -1/+1
  Backport #27615 by @lng2020
  close #27601
  The Docker registry has an internal version, which leads to 404
  Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
* Fix panic in storageHandler (#27446) (#27478) | Giteabot | 2023-10-06 | 1 | -51/+50
  Backport #27446 by @sryze
  storageHandler() is written as a middleware but is used as an endpoint handler, and thus `next` is actually `nil`, which causes a null pointer dereference when a request URL does not match the pattern (where it calls `next.ServerHTTP()`).
  Example CURL command to trigger the panic:
  ```
  curl -I "http://yourhost/gitea//avatars/a"
  ```
  Fixes #27409
  ---
  Note: the diff looks big but it's actually a small change - all I did was to remove the outer closure (and one level of indentation) ~and removed the HTTP method and pattern checks as they seem redundant because go-chi already does those checks~. You might want to check "Hide whitespace" when reviewing it.
  Alternative solution (a bit simpler): append `, misc.DummyOK` to the route declarations that utilize `storageHandler()` - this makes it return an empty response when the URL is invalid. I've tested this one and it works too. Or maybe it would be better to return a 400 error in that case (?)
  Co-authored-by: Sergey Zolotarev <sryze@outlook.com>
* When comparing with an non-exist repository, return 404 but 500 (#27437) (#27441) | Giteabot | 2023-10-04 | 1 | -1/+3
  Backport #27437 by @lunny
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Allow get release download files and lfs files with oauth2 token format (#26430) (#27378) | Giteabot | 2023-10-01 | 1 | -5/+3
  Backport #26430 by @lunny
  Fix #26165
  Fix #25257
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27162) | Giteabot | 2023-09-21 | 1 | -1/+1
  Backport #27150 by @memphis88
  Similarly to the fix in https://github.com/go-gitea/gitea/pull/24694, this addresses the team creation not returning the organization information in the response.
  This fix is connected to the [issue](https://gitea.com/gitea/terraform-provider-gitea/issues/27) discovered in the terraform provider.
  Moreover, the [documentation](https://docs.gitea.com/api/1.20/#tag/organization/operation/orgCreateTeam) suggests that the response body should include the `organization` field (currently being `null`).
  Co-authored-by: Dionysios Kakouris <1369451+memphis88@users.noreply.github.com>
* fix pagination for followers and following (#27127) (#27138) | Giteabot | 2023-09-19 | 1 | -2/+2
  Backport #27127 by @earl-warren
  - Use the correct total amount for pagination. Thereby correctly show the pagination bar when there's more than one page of followers/followings.
  Refs: https://codeberg.org/forgejo/forgejo/pulls/1477
  (cherry picked from commit c1a136318be3bf72511bed108f2d67f2cf34e1b8)
  Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
  Co-authored-by: Gusted <postmaster@gusted.xyz>
* Fix issue templates when blank isses are disabled (#27061) (#27082) | Giteabot | 2023-09-14 | 2 | -11/+14
  Backport #27061 by @JakobDev
  Fixes #27060
  Co-authored-by: JakobDev <jakobdev@gmx.de>
  Co-authored-by: silverwind <me@silverwind.io>
  Co-authored-by: delvh <dev.lh@web.de>
* Redirect from `{repo}/issues/new` to `{repo}/issues/new/choose` when blank issues are disabled (#26813) (#26847) | Giteabot | 2023-09-01 | 1 | -1/+9
  Backport #26813 by @JakobDev
  You can currently visit `{repo}/issues/new` and create a blank issue, even if it's disabled. This PR fixes this,
  Fixes https://codeberg.org/forgejo/forgejo/issues/1356
  Co-authored-by: JakobDev <jakobdev@gmx.de>
* Fix verifyCommits error when push a new branch (#26664) (#26810) | Giteabot | 2023-08-31 | 40 | -16/+236
  Backport #26664 by @CaiCandong
  > ### Description
  > If a new branch is pushed, and the repository has a rule that would require signed commits for the new branch, the commit is rejected with a 500 error regardless of whether it's signed.
  >
  > When pushing a new branch, the "old" commit is the empty ID (0000000000000000000000000000000000000000). verifyCommits has no provision for this and passes an invalid commit range to git rev-list. Prior to 1.19 this wasn't an issue because only pre-existing individual branches could be protected.
  >
  > I was able to reproduce with [try.gitea.io/CraigTest/test](https://try.gitea.io/CraigTest/test), which is set up with a blanket rule to require commits on all branches.
  Fix #25565
  Very thanks to @Craig-Holmquist-NTI for reporting the bug and suggesting a valid solution!
  Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix context filter has no effect in dashboard (#26695) (#26811) | yp05327 | 2023-08-30 | 1 | -2/+2
  Backport #26695
* Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (#26759) (#26806) | js6pak | 2023-08-30 | 1 | -8/+5
  Backport #26759
  Co-authored-by: Jason Song <i@wolfogre.com>
* Fix some slice append usages (#26778) (#26798) | Giteabot | 2023-08-29 | 1 | -9/+7
  Backport #26778 by @harryzcy
  Co-authored-by: Chongyi Zheng <git@zcy.dev>
  Co-authored-by: delvh <dev.lh@web.de>
* Fix being unable to use a repo that prohibits accepting PRs as a PR source. (#26785) (#26790) | Giteabot | 2023-08-29 | 1 | -1/+1
  Backport #26785 by @CaiCandong
  ## Description
  Sometimes, we need to use an upstream mirror repository to update the current development repository, but mirror repositories are prohibited from PR. It should not appear in `merge to,` but it can appear in `pull from.`
  Fix #24585 #26193 #26781
  Related #24183
  Many thanks to @apnote for assisting me in reproducing this bug!
  ## ScreenShot
  ---
  ### Before
  <img src="https://github.com/go-gitea/gitea/assets/50507092/3d76c376-1f54-45b9-80c9-6ba8319d6a9a" width="400px">
  <img src="https://github.com/go-gitea/gitea/assets/50507092/fbfd9f7f-421f-4a2e-9a3e-f2958bbf3312" width="400px">
  ### After
  <img src="https://github.com/go-gitea/gitea/assets/50507092/e6984524-4f61-4310-b795-4d8598bd8963" width="400px">
  <img src="https://github.com/go-gitea/gitea/assets/50507092/04065b44-78d7-4721-bf31-0f1674150727" width="400px">
  Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
* Use docs.gitea.com instead of docs.gitea.io (#26769) | Lunny Xiao | 2023-08-28 | 2 | -2/+2
  backport #26739
* Fix unable to display individual-level project (#26198) (#26636) | Giteabot | 2023-08-21 | 1 | -2/+8
  Backport #26198 by @CaiCandong
  As title
  Before:
  ![image](https://github.com/go-gitea/gitea/assets/50507092/94afc3bf-5597-4151-a59b-5632840ffa21)
  After:
  ![image](https://github.com/go-gitea/gitea/assets/50507092/df81aa0b-98a6-477d-a270-2e45b3dca0fc)
  fix #26189
  Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
* fix reopen logic for agit flow pull request (#26399) (#26613) | a1012112796 | 2023-08-21 | 1 | -42/+44
  Backport #26399
  Signed-off-by: a1012112796 <1012112796@qq.com>
  Co-authored-by: Giteabot <teabot@gitea.io>
* Fix "issueReposQueryPattern does not match query" (#26556) (#26564) | Giteabot | 2023-08-17 | 1 | -1/+1
  Backport #26556 by @wolfogre
  Fix `https://github.com/go-gitea/gitea/pull/26545#discussion_r1295734340`
  Co-authored-by: Jason Song <i@wolfogre.com>
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Sync repo's IsEmpty status correctly (#26517) (#26560) | Giteabot | 2023-08-17 | 1 | -2/+6
  Backport #26517 by @wxiaoguang
  Close #26509
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix typo of RunerOwnerID (#26508) (#26528) | Giteabot | 2023-08-16 | 1 | -1/+1
  Backport #26508 by @yp05327
  Co-authored-by: yp05327 <576951401@qq.com>
* Fix NuGet search endpoints (#25613) (#26499) | KN4CK3R | 2023-08-16 | 2 | -7/+15
  Backport of #25613
  Fixes #25564
  Fixes #23191
  - Api v2 search endpoint should return only the latest version matching the query
  - Api v3 search endpoint should return `take` packages not package versions
* Add ThreadID parameter for Telegram webhooks (#25996) (#26480) | Giteabot | 2023-08-14 | 1 | -1/+2
  Backport #25996
  Telegram has recently implemented threads (channels) for group chats.
  Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
  Co-authored-by: neveraskedtoexist <matikot415@gmail.com>
* Improve profile readme rendering (#25988) (#26453) | crystal | 2023-08-11 | 1 | -0/+1
  manual backport of #25988 to v1.20
  - Tell the renderer to use the `document` mode, so it's consistent with other renderers.
  - Use the same padding as `.file-view.markup`, so it's consistent with other containers that contain markup rendering.
  - Resolves https://codeberg.org/forgejo/forgejo/issues/833
  Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
* Add transaction when creating pull request created dirty data (#26259) (#26437) | Lunny Xiao | 2023-08-11 | 1 | -1/+1
  Backport #26259
  This PR will introduce a transaction on creating pull request so that if some step failed, it will rollback totally. And there will be no dirty pull request exist.
  Co-authored-by: Giteabot <teabot@gitea.io>
* Fix wrong middleware sequence (#26428) (#26436) | Giteabot | 2023-08-10 | 1 | -1/+1
  Backport #26428 by @lunny
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix admin queue page title and fix CI failures (#26409) (#26421) | wxiaoguang | 2023-08-10 | 1 | -1/+1
  Backport #26409
  * Fix #26408
  * Bypass the data race issue in "ssh" package
* Introduce ctx.PathParamRaw to avoid incorrect unescaping (#26392) (#26405) | Giteabot | 2023-08-09 | 2 | -10/+10
  Backport #26392 by @wxiaoguang
  Fix #26389
  And complete an old TODO: `ctx.Params does un-escaping,..., which is incorrect.`
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix pull request check list is limited (#26179) (#26245) | Giteabot | 2023-07-31 | 3 | -5/+5
  Backport #26179 by @CaiCandong
  In the original implementation, we can only get the first 30 records of the commit status (the default paging size), if the commit status is more than 30, it will lead to the bug #25990. I made the following two changes.
  - On the page, use the `db.ListOptions{ListAll: true}` parameter instead of `db.ListOptions{}`
  - The `GetLatestCommitStatus` function makes a determination as to whether or not a pager is being used.
  fixed #25990
  Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
* Fix access check for org-level project (#26182) (#26223) | Giteabot | 2023-07-29 | 1 | -6/+7
  Backport #26182 by @Zettat123
  Fix #25934
  Add `ignoreGlobal` parameter to `reqUnitAccess` and only check global disabled units when `ignoreGlobal` is true. So the org-level projects and user-level projects won't be affected by global disabled `repo.projects` unit.
  Co-authored-by: Zettat123 <zettat123@gmail.com>
* Fix handling of plenty Nuget package versions (#26075) (#26173) | Giteabot | 2023-07-26 | 4 | -32/+94
  Backport #26075 by @KN4CK3R
  Fixes #25953
  - Do not load full version information (v3)
  - Add pagination support (v2)
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Display deprecated warning in admin panel pages as well as in the log file (#26094) (#26154) | Lunny Xiao | 2023-07-26 | 2 | -0/+13
  backport #26094
  Temporarily resolve #25915
  Related #25994
  This PR includes #26007 's changes but have a UI to prompt administrator about the deprecated settings as well as the log or console warning. Then users will have enough time to notice the problem and don't have surprise like before.
  <img width="1293" alt="image" src="https://github.com/go-gitea/gitea/assets/81045/c33355f0-1ea7-4fb3-ad43-cd23cd15391d">
* Remove "misc" scope check from public API endpoints (#26134) (#26149) | Giteabot | 2023-07-26 | 1 | -2/+2
  Backport #26134 by @wxiaoguang
  Fix #26035
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix handling of Debian files with trailing slash (#26087) (#26098) | Giteabot | 2023-07-24 | 1 | -1/+1
  Backport #26087 by @KN4CK3R
  Fixes #26022
  - Fix handling of files with trailing slash
  - Fix handling of duplicate package file errors
  - Added test for both
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* fix Missing 404 swagger response docs for /admin/users/{username} (#26086) (#26089) | Giteabot | 2023-07-24 | 1 | -0/+2
  Backport #26086 by @CaiCandong
  close #26079
  Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
* Fix the route for pull-request's authors (#26016) (#26018) | Giteabot | 2023-07-20 | 2 | -5/+11
  Backport #26016 by @wxiaoguang
  Close #25906
  ![image](https://github.com/go-gitea/gitea/assets/2114189/e689f3e1-9a90-46c0-89f4-2d61394d34d3)
  Succeeded logs:
  ```
  [I] router: completed GET /root/test/issues/posters?&q=%20&_=1689853025011 for [::1]:59271, 200 OK in 127.7ms @ repo/issue.go:3505(repo.IssuePosters)
  [I] router: completed GET /root/test/pulls/posters?&q=%20&_=1689853968204 for [::1]:59269, 200 OK in 94.3ms @ repo/issue.go:3509(repo.PullPosters)
  ```
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* parseScope with owner/repo always sets owner to zero (#25987) (#25989) | Giteabot | 2023-07-19 | 1 | -1/+2
  Backport #25987 by @earl-warren
  Refs: https://codeberg.org/forgejo/forgejo/pulls/1001
  Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
* Update path related documents (#25417) (#25982) | Giteabot | 2023-07-19 | 1 | -1/+1
  Backport #25417 by @wxiaoguang
  Update WorkPath/WORK_PATH related documents, remove out-dated information.
  Remove "StaticRootPath" on the admin config display page, because few end user really need it, it only causes misconfiguration.
  ![image](https://github.com/go-gitea/gitea/assets/2114189/8095afa4-da76-436b-9e89-2a92c229c01d)
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Ignore `runs-on` with expressions when warning no matched runners (#25917) (#25933) | Giteabot | 2023-07-18 | 1 | -0/+7
  Backport #25917 by @wolfogre
  Fix #25905
  Co-authored-by: Jason Song <i@wolfogre.com>
* Avoid opening/closing PRs which are already merged (#25883) (#25903) | Giteabot | 2023-07-17 | 1 | -0/+8
  Backport #25883 by @yp05327
  We can select PRs to open/close them by one click, but we forgot to check whether it is merged.
  You can get an opening merged PR:
  ![image](https://github.com/go-gitea/gitea/assets/18380374/22c2e747-4bb9-4742-a9aa-ef39d5308bc5)
  You can confirm this in: https://try.gitea.io/yp05327/testrepo/pulls/5
  Co-authored-by: yp05327 <576951401@qq.com>
* Fix incorrect milestone count when provide a keyword (#25880) (#25904) | Giteabot | 2023-07-17 | 1 | -10/+9
  Backport #25880 by @yp05327
  You can confirm this issue in: https://try.gitea.io/yp05327/testrepo/milestones?state=open&q=a
  There's no milestone, but the count is 1.
  ![image](https://github.com/go-gitea/gitea/assets/18380374/25e58cee-aeeb-43c1-8ec8-6e2ec6bf1284)
  Co-authored-by: yp05327 <576951401@qq.com>
* fix incorrect repo url when changed the case of ownername (#25733) (#25881) | Giteabot | 2023-07-15 | 1 | -6/+0
  Backport #25733 by @hiifong
  When only the casing of the username changes, update the owner name of the repo, and keep the original logic consistent with other conditions.
  example: assume your username is `gitea`, lowercase username is `gitea` too, repo URL is `.../gitea/{repo}`. You change your username to `Gitea`, `GiTea` or something like that, as long as the lowercase username is still `gitea`, the repo URL remained `.../gitea/{repo}`.
  this pr keeps the new username consistent with the repo URL.
  Before:
  ![image](https://github.com/go-gitea/gitea/assets/89133723/84177296-f0ff-4176-84f1-1f9ec3f5b86f)
  ![image](https://github.com/go-gitea/gitea/assets/89133723/8f8f4a12-ecdd-4dec-af89-85c009b0ccfe)
  After:
  ![image](https://github.com/go-gitea/gitea/assets/89133723/0564edb6-9467-405a-8cd4-d6f70e6f614b)
  ![image](https://github.com/go-gitea/gitea/assets/89133723/554ecd6e-e5a1-43bc-a46d-99e988c2ff58)
  Co-authored-by: hiifong <i@hiif.ong>
* Add support for different Maven POM encoding (#25873) (#25890) | Giteabot | 2023-07-14 | 1 | -1/+7
  Backport #25873 by @KN4CK3R
  Fixes #25853
  - Maven POM files aren't always UTF-8 encoded.
  - Reject the upload of unparsable POM files
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Fix incorrect release count (#25879) (#25887) | Giteabot | 2023-07-14 | 1 | -1/+0
  Backport #25879 by @yp05327
  Release count is not correct:
  https://try.gitea.io/yp05327/testrepo/tags
  ![image](https://github.com/go-gitea/gitea/assets/18380374/07f97c62-d450-4ccb-b3f2-3e0af9d9fc52)
  https://try.gitea.io/yp05327/testrepo/releases
  ![image](https://github.com/go-gitea/gitea/assets/18380374/6f1d55a4-bb68-445d-84b9-90552a40f403)
  https://try.gitea.io/yp05327/testrepo/releases/tag/testtag
  ![image](https://github.com/go-gitea/gitea/assets/18380374/09ab5d51-52b6-4621-a571-3100198eb260)
  We already have correct release count, no need to calculate it again.
  https://github.com/go-gitea/gitea/blob/c5e187c389b35b9e080a3187b93a775a3c81e585/modules/context/repo.go#L547
  Co-authored-by: yp05327 <576951401@qq.com>
* Fix empty project displayed in issue sidebar (#25802) (#25854) | Giteabot | 2023-07-12 | 2 | -4/+2
  Backport #25802 by @yp05327
  You can confirm this issue in https://try.gitea.io/yp05327/testrepo/issues/2
  Before:
  ![image](https://github.com/go-gitea/gitea/assets/18380374/1ab476dc-2f9b-4c85-9e87-105fc73af1ee)
  After:
  ![image](https://github.com/go-gitea/gitea/assets/18380374/786f984d-5c27-4eff-b3d9-159f68034ce4)
  This issue comes from the change in #25468. `LoadProject` will always return at least one record, so we use `ProjectID` to check whether an issue is linked to a project in the old code. As other `issue.LoadXXX` functions, we need to check the return value from `xorm.Session.Get`.
  In recent unit tests, we only test `issueList.LoadAttributes()` but don't test `issue.LoadAttributes()`. So I added a new test for `issue.LoadAttributes()` in this PR.
  Co-authored-by: yp05327 <576951401@qq.com>
  Co-authored-by: Denys Konovalov <privat@denyskon.de>
* Show correct SSL Mode on "install page" (#25818) (#25838) | Giteabot | 2023-07-12 | 1 | -0/+1
  Backport #25818 by @wxiaoguang
  Fix #25817
  ![image](https://github.com/go-gitea/gitea/assets/2114189/49f7b85d-c229-41b5-86fd-58cd812eaca6)
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix incorrect oldest sort in project list (#25806) (#25835) | Giteabot | 2023-07-12 | 2 | -2/+2
  Backport #25806 by @yp05327
  sort type `oldest` should be `Asc`. Added a test for this.
  I see we have `SearchOrderBy` in db model, but we are using many different ways to define the sort type.
  ~Maybe we can improve this later.~
  ↑ Improved in this PR
  Co-authored-by: yp05327 <576951401@qq.com>