summaryrefslogtreecommitdiffstats
path: root/services
Commit message (Collapse)AuthorAgeFilesLines
* Multiple Escaping Improvements (#17551)zeripath2021-11-167-24/+32
| | | | | | | | | | | | | | There are multiple places where Gitea does not properly escape URLs that it is building and there are multiple places where it builds urls when there is already a simpler function available to use this. This is an extensive PR attempting to fix these issues. 1. The first commit in this PR looks through all href, src and links in the Gitea codebase and has attempted to catch all the places where there is potentially incomplete escaping. 2. Whilst doing this we will prefer to use functions that create URLs over recreating them by hand. 3. All uses of strings should be directly escaped - even if they are not currently expected to contain escaping characters. The main benefit to doing this will be that we can consider relaxing the constraints on user names and reponames in future. 4. The next commit looks at escaping in the wiki and re-considers the urls that are used there. Using the improved escaping here wiki files containing '/'. (This implementation will currently still place all of the wiki files the root directory of the repo but this would not be difficult to change.) 5. The title generation in feeds is now properly escaped. 6. EscapePound is no longer needed - urls should be PathEscaped / QueryEscaped as necessary but then re-escaped with Escape when creating html with locales Signed-off-by: Andrew Thornton <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move migrations into services and base into modules/migration (#17663)Lunny Xiao2021-11-1622-1/+7603
| | | | | | | * Move migrtions into services and base into modules/migration * Fix imports * Fix lint
* Move some functions into services/repository (#17660)Lunny Xiao2021-11-1610-30/+1268
|
* Decouple unit test, remove intermediate `unittestbridge` package (#17662)wxiaoguang2021-11-169-66/+57
| | | Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Remove unnecassary calls to `filepath.Join` (#17608)Gusted2021-11-151-2/+2
| | | | | | | | | | | - Partialy resolvess #17596 - Resolves `badCall` errors from go-critic `badCall: suspicious Join on 1 argument` - When only 1 argument is passed into `filepath.Join`, it won't do anything special other than `filepath.Clean(...)` will be applied over it. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
* Minor readability patch. (#17627)Michael Grigoryan2021-11-121-1/+1
|
* Decouple unit test code from business code (#17623)wxiaoguang2021-11-1217-42/+51
|
* Move EmailAddress & UserRedirect into models/user/ (#17607)Lunny Xiao2021-11-113-4/+7
| | | | | | | | | | | | | | | | | | | | | * Move EmailAddress into models/user/ * Fix test * rename user_mail to user_email * Fix test * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint
* Move oauth2 error to oauth2 service package (#17603)Lunny Xiao2021-11-111-2/+19
|
* Move webhook into models/webhook/ (#17579)Lunny Xiao2021-11-1021-130/+134
|
* Move unit into models/unit/ (#17576)Lunny Xiao2021-11-098-16/+23
| | | | | * Move unit into models/unit/ * Rename unit.UnitType as unit.Type
* Make ParsePatch more robust (#17573)Gusted2021-11-072-1/+30
|
* Simplify Gothic to use our session store instead of creating a different ↵zeripath2021-11-032-18/+98
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | store (#17507) * Simplify Gothic to use our session store instead of creating a different store We have been using xormstore to provide a separate session store for our OAuth2 logins however, this relies on using gorilla context and some doubling of our session storing. We can however, simplify and simply use our own chi-based session store. Thus removing a cookie and some of the weirdness with missing contexts. Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net> * Handle MaxTokenLength Signed-off-by: Andrew Thornton <art27@cantab.net> * oops Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
* Only allow webhook to send requests to allowed hosts (#17482)wxiaoguang2021-11-011-4/+22
|
* Properly determine CSV delimiter (#17459)Richard Mahn2021-10-301-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fixes #16558 CSV delimiter determiner * Fixes #16558 - properly determine CSV delmiiter * Moves quoteString to a new function * Adds big test with lots of commas for tab delimited csv * Adds comments * Shortens the text of the test * Removes single quotes from regexp as only double quotes need to be searched * Fixes spelling * Fixes check of length as it probalby will only be 1e4, not greater * Makes sample size a const, properly removes truncated line * Makes sample size a const, properly removes truncated line * Fixes comment * Fixes comment * tests for FormatError() function * Adds logic to find the limiter before or after a quoted value * Simplifies regex * Error tests * Error tests * Update modules/csv/csv.go Co-authored-by: delvh <dev.lh@web.de> * Update modules/csv/csv.go Co-authored-by: delvh <dev.lh@web.de> * Adds comments * Update modules/csv/csv.go Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de>
* Add appearance section in settings (#17433)qwerty2872021-10-271-1/+11
| | | | | | | | | | | | | * Add appearance section in settings * Fix lint * Fix lint * Apply suggestions from code review Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lauris BH <lauris@nix.lv>
* Read expected buffer size (#17409)KN4CK3R2021-10-241-4/+3
| | | | | | * Read expected buffer size. * Changed name.
* Add groups scope/claim to OIDC/OAuth2 Provider (#17367)Nico Schieder2021-10-221-0/+3
| | | | | | | | | | | * Add groups scope/claim to OICD/OAuth2 Add support for groups claim as part of the OIDC/OAuth2 flow. Groups is a list of "org" and "org:team" strings to allow clients to authorize based on the groups a user is part of. Signed-off-by: Nico Schieder <code@nico-schieder.de> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Handle broken references in mirror sync (#17013)zeripath2021-10-211-13/+105
| | | | | | | | | | | * Handle broken references in mirror sync If there are broken references during a mirror attempt to fix using `git remote prune`. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Prevent NPE in CSV diff rendering when column removed (#17018)Richard Mahn2021-10-202-132/+322
| | | | | | | | | | | | | | | | Fixes #16837 if a column is deleted. We were clobbering the columns that were added by looping through the aline (base) and then when bline (head) was looped through, it clobbered what was in the "cells" array that is show in the diff, and then left a nil cell because nothing was shifted. This fix properly shifts the cells, and properly puts the b cell either at its location or after, according to what the aline placed in the cells. This includes test, adding a new test function since adding/removing cells works best with three columns, not two, which results in 4 columns of the resulting cells because it has a deleted column and an added column. If you try this locally, you can try those cases and others, such as adding a column. There was no need to do anything special for the rows when `aline == 0 || bline == 0` so that was removed. This allows the same code to be used for removed or added lines, with the bcell text always being the RightCell, acell text being the LeftCell. I still added the patch zeripath gave at https://github.com/go-gitea/gitea/issues/16837#issuecomment-913007382 so that just in case for some reason a cell is nil (which shouldn't happen now) it doesn't throw a 500 error, so the user can at least view the raw diff. Also fixes in the [view.go](https://github.com/go-gitea/gitea/pull/17018/files#diff-43a7f4747c7ba8bff888c9be11affaafd595fd55d27f3333840eb19df9fad393L521) file how if a CSV file is empty (either created empty or if you edit it and remove all contents) it throws a huge 500 error when you then save it (when you view the file). Since we allow creating, saving and pushing empty files, we shouldn't throw an error on an empty CSV file, but just show its empty contents. This doesn't happen if it is a Markdown file or other type of file that is empty. EDIT: Now handled in the markup/csv renderer code
* Use a variable but a function for IsProd because of a slight performance ↵Lunny Xiao2021-10-201-1/+1
| | | | increment (#17368)
* Fix some lints (#17337)Lunny Xiao2021-10-172-3/+4
| | | Fix some linting problems.
* Make the Mirror Queue a queue (#17326)zeripath2021-10-171-33/+65
| | | | | | | | | Convert the old mirror syncing queue to the more modern queue format. Fix a bug in the from the repo-archive queue PR - the assumption was made that uniqueness could be enforced with by checking equality in a map in channel unique queues - however this only works for primitive types - which was the initial intention but is an imperfect. This is fixed by marshalling the data and placing the martialled data in the unique map instead. The documentation is also updated to add information about the deprecated configuration values. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add buttons to allow loading of incomplete diffs (#16829)zeripath2021-10-153-11/+27
| | | | | | | | | | | | | | | | | This PR adds two buttons to the stats and the end of the diffs list to load the (some of) the remaining incomplete diff sections. Contains #16775 Signed-off-by: Andrew Thornton <art27@cantab.net> ## Screenshots ### Show more button at the end of the diff ![Screenshot from 2021-09-04 11-12-37](https://user-images.githubusercontent.com/1824502/132091009-b1f6113e-2c04-4be5-8a04-b8ecea56887b.png) ### Show more button at the end of the diff stats box ![Screenshot from 2021-09-04 11-14-54](https://user-images.githubusercontent.com/1824502/132091063-86da5a6d-6628-4b82-bea9-3655cd9f40f6.png)
* Upgrade chi to v5 (#17298)Lunny Xiao2021-10-131-1/+1
|
* Save and view issue/comment content history (#16909)wxiaoguang2021-10-101-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * issue content history * Use timeutil.TimeStampNow() for content history time instead of issue/comment.UpdatedUnix (which are not updated in time) * i18n for frontend * refactor * clean up * fix refactor * re-format * temp refactor * follow db refactor * rename IssueContentHistory to ContentHistory, remove empty model tags * fix html * use avatar refactor to generate avatar url * add unit test, keep at most 20 history revisions. * re-format * syntax nit * Add issue content history table * Update models/migrations/v197.go Co-authored-by: 6543 <6543@obermui.de> * fix merge Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
* Add a simple way to rename branch like gh (#15870)a10121127962021-10-082-0/+51
| | | | | | | | | | - Update default branch if needed - Update protected branch if needed - Update all not merged pull request base branch name - Rename git branch - Record this rename work and auto redirect for old branch on ui Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: delvh <dev.lh@web.de>
* Avatar refactor, move avatar code from `models` to `models.avatars`, remove ↵wxiaoguang2021-10-061-1/+2
| | | | | | | | | | | | | | | | duplicated code (#17123) Why this refactor The goal is to move most files from `models` package to `models.xxx` package. Many models depend on avatar model, so just move this first. And the existing logic is not clear, there are too many function like `AvatarLink`, `RelAvatarLink`, `SizedRelAvatarLink`, `SizedAvatarLink`, `MakeFinalAvatarURL`, `HashedAvatarLink`, etc. This refactor make everything clear: * user.AvatarLink() * user.AvatarLinkWithSize(size) * avatars.GenerateEmailAvatarFastLink(email, size) * avatars.GenerateEmailAvatarFinalLink(email, size) And many duplicated code are deleted in route handler, the handler and the model share the same avatar logic now.
* Add specific event type to header (#17222)John Olheiser2021-10-051-3/+8
| | | | | | | * Add specific event type to header Signed-off-by: jolheiser <john.olheiser@gmail.com> * Change single to type
* Always set a unique Message-ID header. (#17206)KN4CK3R2021-10-012-13/+30
|
* Fix missing repo link in issue/pull assigned emails (#17183)zeripath2021-09-301-0/+6
| | | | | | | | | | | | | There was a mistake in the template file: `templates/mail/issue/assigned.tmpl` where the repourl was generated from a non-existent release instead of the issue. This PR changes this to use the issue but also ensure that the issue repo is loaded. It also slightly improves the English locale string. Fix #17160 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de>
* Kanban colored boards (#16647)Romain2021-09-291-0/+1
| | | Add a column Color in ProjectBoard and color picker in new / edit project board form.
* Don't return binary file changes in raw PR diffs by default (#17158)Norwin2021-09-271-3/+3
| | | | | | | | * return diffs without binary file content change * ?binary=true option to restore old behaviour Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: zeripath <art27@cantab.net>
* Support direct comparison (git diff a..b) as well merge comparison (a...b) ↵zeripath2021-09-273-6/+11
| | | | | | | | | | | | (#16635) This PR changes the compare page to make the "..." in the between branches a clickable link. This changes the comparison type from "..." to "..". Similarly it makes the initial compare icon clickable to switch the head and base branches. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Allow LDAP Sources to provide Avatars (#16851)zeripath2021-09-265-6/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Allow LDAP Sources to provide Avatars Add setting to LDAP source to allow it to provide an Avatar. Currently this is required to point to the image bytes. Fix #4144 Signed-off-by: Andrew Thornton <art27@cantab.net> * Rename as Avatar Attribute (drop JPEG) Signed-off-by: Andrew Thornton <art27@cantab.net> * Always synchronize avatar if there is change Signed-off-by: Andrew Thornton <art27@cantab.net> * Actually get the avatar from the ldap Signed-off-by: Andrew Thornton <art27@cantab.net> * clean-up Signed-off-by: Andrew Thornton <art27@cantab.net> * use len()>0 rather than != "" Signed-off-by: Andrew Thornton <art27@cantab.net> * slight shortcut in IsUploadAvatarChanged Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add SkipLocal2FA option to pam and smtp sources (#17078)zeripath2021-09-266-4/+16
| | | | | | | | | | | | | * Add SkipLocal2FA option to other pam and smtp sources Extend #16954 to allow setting skip local 2fa on pam and SMTP authentication sources Signed-off-by: Andrew Thornton <art27@cantab.net> * make SkipLocal2FA omitempty Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Fix bundle creation (#17079)Alexey 〒erentyev2021-09-261-2/+4
| | | | | | | Signed-off-by: Alexey Terentyev <axifnx@gmail.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Gwyneth Morgan <87623694+gwymor@users.noreply.github.com> Co-authored-by: Gwyneth Morgan <gwymor@tilde.club>
* Move login related structs and functions to models/login (#17093)Lunny Xiao2021-09-2426-82/+141
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move login related structs and functions to models/login * Fix test * Fix lint * Fix lint * Fix lint of windows * Fix lint * Fix test * Fix test * Only load necessary fixtures when preparing unit tests envs * Fix lint * Fix test * Fix test * Fix error log * Fix error log * Fix error log * remove unnecessary change * fix error log * merge main branch
* DBContext is just a Context (#17100)zeripath2021-09-239-11/+14
| | | | | | | | | | | | | | | | | | | | | | | | | * DBContext is just a Context This PR removes some of the specialness from the DBContext and makes it context This allows us to simplify the GetEngine code to wrap around any context in future and means that we can change our loadRepo(e Engine) functions to simply take contexts. Signed-off-by: Andrew Thornton <art27@cantab.net> * fix unit tests Signed-off-by: Andrew Thornton <art27@cantab.net> * another place that needs to set the initial context Signed-off-by: Andrew Thornton <art27@cantab.net> * avoid race Signed-off-by: Andrew Thornton <art27@cantab.net> * change attachment error Signed-off-by: Andrew Thornton <art27@cantab.net>
* refactor: move from io/ioutil to io and os package (#17109)Eng Zer Jun2021-09-227-17/+10
| | | | | | | | | The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Move db related basic functions to models/db (#17075)Lunny Xiao2021-09-1932-119/+144
| | | | | | | | | | | | | | | | | | | | | | | | | * Move db related basic functions to models/db * Fix lint * Fix lint * Fix test * Fix lint * Fix lint * revert unnecessary change * Fix test * Fix wrong replace string * Use *Context * Correct committer spelling and fix wrong replaced words Co-authored-by: zeripath <art27@cantab.net>
* Open the DingTalk link in browser (#17084)wxiaoguang2021-09-182-13/+28
| | | | | | | | | https://developers.dingtalk.com/document/app/message-link-description To open the link in browser, we should use this URL: `"dingtalk://dingtalkclient/page/link?pc_slide=false&url=" + url.QueryEscape(singleURL)` Otherwise the page is displayed inside DingTalk client, it makes users very difficult to visit non-public URLs in DingTalk webhook messages.
* Make LDAP be able to skip local 2FA (#16954)zeripath2021-09-177-15/+34
| | | | | | This PR extends #16594 to allow LDAP to be able to be set to skip local 2FA too. The technique used here would be extensible to PAM and SMTP sources. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Improve LDAP synchronization efficiency (#16994)zeripath2021-09-152-18/+28
| | | | | | | The current LDAP sync routine has order n^2 efficiency. This change reduces this to order n.log n. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Support unprotected file patterns (#16395)Jimmy Praet2021-09-112-53/+43
| | | | | | | Fixes #16381 Note that changes to unprotected files via the web editor still cannot be pushed directly to the protected branch. I could easily add such support for edits and deletes if needed. But for adding, uploading or renaming unprotected files, it is not trivial. * Extract & Move GetAffectedFiles to modules/git
* Report the associated filter if there is an error in LDAP (#17014)zeripath2021-09-111-2/+2
| | | | | | If there is an error when performing the admin or restricted filter search ensure that the filter and the userDN are reported. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add setting to OAuth handlers to skip local 2FA authentication (#16594)zeripath2021-09-102-0/+2
| | | | | | | | This PR adds a setting to OAuth and OpenID login sources to allow the source to skip local 2FA authentication. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Use git attributes to determine generated and vendored status for language ↵zeripath2021-09-091-0/+78
| | | | | | | | | | | | | | | | stats and diffs (#16773) Replaces #16262 Replaces #16250 Replaces #14833 This PR first implements a `git check-attr` pipe reader - using `git check-attr --stdin -z --cached` - taking account of the change in the output format in git 1.8.5 and creates a helper function to read a tree into a temporary index file for that pipe reader. It then wires this in to the language stats helper and into the git diff generation. Files which are marked generated will be folded by default. Fixes #14786 Fixes #12653
* Return correct error response for agit force-push (#16989)a10121127962021-09-081-1/+1
| | | | | fix a samll nit for agit `force-push` error response Signed-off-by: a1012112796 <1012112796@qq.com>
* Add repo_id for attachment (#16958)Lunny Xiao2021-09-084-4/+116
| | | | | | | When create a new issue or comment and paste/upload an attachment/image, it will not assign an issue id before submit. So if user give up the creating, the attachments will lost key feature and become dirty content. We don't know if we need to delete the attachment even if the repository deleted. This PR add a repo_id in attachment table so that even if a new upload attachment with no issue_id or release_id but should have repo_id. When deleting a repository, they could also be deleted. Co-authored-by: 6543 <6543@obermui.de>