12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109 |
- // Copyright 2014 The Gogs Authors. All rights reserved.
- // Copyright 2017 The Gitea Authors. All rights reserved.
- // Use of this source code is governed by a MIT-style
- // license that can be found in the LICENSE file.
-
- package setting
-
- import (
- "encoding/base64"
- "fmt"
- "io"
- "io/ioutil"
- "math"
- "net"
- "net/url"
- "os"
- "os/exec"
- "path"
- "path/filepath"
- "runtime"
- "strconv"
- "strings"
- "time"
-
- "code.gitea.io/gitea/modules/generate"
- "code.gitea.io/gitea/modules/log"
- "code.gitea.io/gitea/modules/user"
-
- shellquote "github.com/kballard/go-shellquote"
- "github.com/unknwon/com"
- gossh "golang.org/x/crypto/ssh"
- ini "gopkg.in/ini.v1"
- "strk.kbt.io/projects/go/libravatar"
- )
-
- // Scheme describes protocol types
- type Scheme string
-
- // enumerates all the scheme types
- const (
- HTTP Scheme = "http"
- HTTPS Scheme = "https"
- FCGI Scheme = "fcgi"
- FCGIUnix Scheme = "fcgi+unix"
- UnixSocket Scheme = "unix"
- )
-
- // LandingPage describes the default page
- type LandingPage string
-
- // enumerates all the landing page types
- const (
- LandingPageHome LandingPage = "/"
- LandingPageExplore LandingPage = "/explore"
- LandingPageOrganizations LandingPage = "/explore/organizations"
- LandingPageLogin LandingPage = "/user/login"
- )
-
- // enumerates all the types of captchas
- const (
- ImageCaptcha = "image"
- ReCaptcha = "recaptcha"
- HCaptcha = "hcaptcha"
- )
-
- // settings
- var (
- // AppVer settings
- AppVer string
- AppBuiltWith string
- AppName string
- AppURL string
- AppSubURL string
- AppSubURLDepth int // Number of slashes
- AppPath string
- AppDataPath string
- AppWorkPath string
-
- // Server settings
- Protocol Scheme
- Domain string
- HTTPAddr string
- HTTPPort string
- LocalURL string
- RedirectOtherPort bool
- PortToRedirect string
- OfflineMode bool
- CertFile string
- KeyFile string
- StaticRootPath string
- StaticCacheTime time.Duration
- EnableGzip bool
- LandingPageURL LandingPage
- UnixSocketPermission uint32
- EnablePprof bool
- PprofDataPath string
- EnableLetsEncrypt bool
- LetsEncryptTOS bool
- LetsEncryptDirectory string
- LetsEncryptEmail string
- GracefulRestartable bool
- GracefulHammerTime time.Duration
- StartupTimeout time.Duration
- StaticURLPrefix string
-
- SSH = struct {
- Disabled bool `ini:"DISABLE_SSH"`
- StartBuiltinServer bool `ini:"START_SSH_SERVER"`
- BuiltinServerUser string `ini:"BUILTIN_SSH_SERVER_USER"`
- Domain string `ini:"SSH_DOMAIN"`
- Port int `ini:"SSH_PORT"`
- ListenHost string `ini:"SSH_LISTEN_HOST"`
- ListenPort int `ini:"SSH_LISTEN_PORT"`
- RootPath string `ini:"SSH_ROOT_PATH"`
- ServerCiphers []string `ini:"SSH_SERVER_CIPHERS"`
- ServerKeyExchanges []string `ini:"SSH_SERVER_KEY_EXCHANGES"`
- ServerMACs []string `ini:"SSH_SERVER_MACS"`
- KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
- KeygenPath string `ini:"SSH_KEYGEN_PATH"`
- AuthorizedKeysBackup bool `ini:"SSH_AUTHORIZED_KEYS_BACKUP"`
- AuthorizedPrincipalsBackup bool `ini:"SSH_AUTHORIZED_PRINCIPALS_BACKUP"`
- MinimumKeySizeCheck bool `ini:"-"`
- MinimumKeySizes map[string]int `ini:"-"`
- CreateAuthorizedKeysFile bool `ini:"SSH_CREATE_AUTHORIZED_KEYS_FILE"`
- CreateAuthorizedPrincipalsFile bool `ini:"SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE"`
- ExposeAnonymous bool `ini:"SSH_EXPOSE_ANONYMOUS"`
- AuthorizedPrincipalsAllow []string `ini:"SSH_AUTHORIZED_PRINCIPALS_ALLOW"`
- AuthorizedPrincipalsEnabled bool `ini:"-"`
- TrustedUserCAKeys []string `ini:"SSH_TRUSTED_USER_CA_KEYS"`
- TrustedUserCAKeysFile string `ini:"SSH_TRUSTED_USER_CA_KEYS_FILENAME"`
- TrustedUserCAKeysParsed []gossh.PublicKey `ini:"-"`
- }{
- Disabled: false,
- StartBuiltinServer: false,
- Domain: "",
- Port: 22,
- ServerCiphers: []string{"aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "arcfour256", "arcfour128"},
- ServerKeyExchanges: []string{"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "curve25519-sha256@libssh.org"},
- ServerMACs: []string{"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256", "hmac-sha1", "hmac-sha1-96"},
- KeygenPath: "ssh-keygen",
- MinimumKeySizeCheck: true,
- MinimumKeySizes: map[string]int{"ed25519": 256, "ecdsa": 256, "rsa": 2048},
- }
-
- // Security settings
- InstallLock bool
- SecretKey string
- LogInRememberDays int
- CookieUserName string
- CookieRememberName string
- ReverseProxyAuthUser string
- ReverseProxyAuthEmail string
- MinPasswordLength int
- ImportLocalPaths bool
- DisableGitHooks bool
- OnlyAllowPushIfGiteaEnvironmentSet bool
- PasswordComplexity []string
- PasswordHashAlgo string
- PasswordCheckPwn bool
-
- // UI settings
- UI = struct {
- ExplorePagingNum int
- IssuePagingNum int
- RepoSearchPagingNum int
- MembersPagingNum int
- FeedMaxCommitNum int
- FeedPagingNum int
- GraphMaxCommitNum int
- CodeCommentLines int
- ReactionMaxUserNum int
- ThemeColorMetaTag string
- MaxDisplayFileSize int64
- ShowUserEmail bool
- DefaultShowFullName bool
- DefaultTheme string
- Themes []string
- Reactions []string
- ReactionsMap map[string]bool
- SearchRepoDescription bool
- UseServiceWorker bool
-
- Notification struct {
- MinTimeout time.Duration
- TimeoutStep time.Duration
- MaxTimeout time.Duration
- EventSourceUpdateTime time.Duration
- } `ini:"ui.notification"`
-
- Admin struct {
- UserPagingNum int
- RepoPagingNum int
- NoticePagingNum int
- OrgPagingNum int
- } `ini:"ui.admin"`
- User struct {
- RepoPagingNum int
- } `ini:"ui.user"`
- Meta struct {
- Author string
- Description string
- Keywords string
- } `ini:"ui.meta"`
- }{
- ExplorePagingNum: 20,
- IssuePagingNum: 10,
- RepoSearchPagingNum: 10,
- MembersPagingNum: 20,
- FeedMaxCommitNum: 5,
- FeedPagingNum: 20,
- GraphMaxCommitNum: 100,
- CodeCommentLines: 4,
- ReactionMaxUserNum: 10,
- ThemeColorMetaTag: `#6cc644`,
- MaxDisplayFileSize: 8388608,
- DefaultTheme: `gitea`,
- Themes: []string{`gitea`, `arc-green`},
- Reactions: []string{`+1`, `-1`, `laugh`, `hooray`, `confused`, `heart`, `rocket`, `eyes`},
- Notification: struct {
- MinTimeout time.Duration
- TimeoutStep time.Duration
- MaxTimeout time.Duration
- EventSourceUpdateTime time.Duration
- }{
- MinTimeout: 10 * time.Second,
- TimeoutStep: 10 * time.Second,
- MaxTimeout: 60 * time.Second,
- EventSourceUpdateTime: 10 * time.Second,
- },
- Admin: struct {
- UserPagingNum int
- RepoPagingNum int
- NoticePagingNum int
- OrgPagingNum int
- }{
- UserPagingNum: 50,
- RepoPagingNum: 50,
- NoticePagingNum: 25,
- OrgPagingNum: 50,
- },
- User: struct {
- RepoPagingNum int
- }{
- RepoPagingNum: 15,
- },
- Meta: struct {
- Author string
- Description string
- Keywords string
- }{
- Author: "Gitea - Git with a cup of tea",
- Description: "Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go",
- Keywords: "go,git,self-hosted,gitea",
- },
- }
-
- // Markdown settings
- Markdown = struct {
- EnableHardLineBreakInComments bool
- EnableHardLineBreakInDocuments bool
- CustomURLSchemes []string `ini:"CUSTOM_URL_SCHEMES"`
- FileExtensions []string
- }{
- EnableHardLineBreakInComments: true,
- EnableHardLineBreakInDocuments: false,
- FileExtensions: strings.Split(".md,.markdown,.mdown,.mkd", ","),
- }
-
- // Admin settings
- Admin struct {
- DisableRegularOrgCreation bool
- DefaultEmailNotification string
- }
-
- // Picture settings
- AvatarUploadPath string
- AvatarMaxWidth int
- AvatarMaxHeight int
- GravatarSource string
- GravatarSourceURL *url.URL
- DisableGravatar bool
- EnableFederatedAvatar bool
- LibravatarService *libravatar.Libravatar
- AvatarMaxFileSize int64
- RepositoryAvatarUploadPath string
- RepositoryAvatarFallback string
- RepositoryAvatarFallbackImage string
-
- // Log settings
- LogLevel string
- StacktraceLogLevel string
- LogRootPath string
- RedirectMacaronLog bool
- DisableRouterLog bool
- RouterLogLevel log.Level
- RouterLogMode string
- EnableAccessLog bool
- AccessLogTemplate string
- EnableXORMLog bool
-
- // Time settings
- TimeFormat string
- // UILocation is the location on the UI, so that we can display the time on UI.
- DefaultUILocation = time.Local
-
- CSRFCookieName = "_csrf"
- CSRFCookieHTTPOnly = true
-
- // Mirror settings
- Mirror struct {
- DefaultInterval time.Duration
- MinInterval time.Duration
- }
-
- // API settings
- API = struct {
- EnableSwagger bool
- SwaggerURL string
- MaxResponseItems int
- DefaultPagingNum int
- DefaultGitTreesPerPage int
- DefaultMaxBlobSize int64
- }{
- EnableSwagger: true,
- SwaggerURL: "",
- MaxResponseItems: 50,
- DefaultPagingNum: 30,
- DefaultGitTreesPerPage: 1000,
- DefaultMaxBlobSize: 10485760,
- }
-
- OAuth2 = struct {
- Enable bool
- AccessTokenExpirationTime int64
- RefreshTokenExpirationTime int64
- InvalidateRefreshTokens bool
- JWTSecretBytes []byte `ini:"-"`
- JWTSecretBase64 string `ini:"JWT_SECRET"`
- MaxTokenLength int
- }{
- Enable: true,
- AccessTokenExpirationTime: 3600,
- RefreshTokenExpirationTime: 730,
- InvalidateRefreshTokens: false,
- MaxTokenLength: math.MaxInt16,
- }
-
- U2F = struct {
- AppID string
- TrustedFacets []string
- }{}
-
- // Metrics settings
- Metrics = struct {
- Enabled bool
- Token string
- }{
- Enabled: false,
- Token: "",
- }
-
- // I18n settings
- Langs []string
- Names []string
-
- // Highlight settings are loaded in modules/template/highlight.go
-
- // Other settings
- ShowFooterBranding bool
- ShowFooterVersion bool
- ShowFooterTemplateLoadTime bool
-
- // Global setting objects
- Cfg *ini.File
- CustomPath string // Custom directory path
- CustomConf string
- PIDFile = "/run/gitea.pid"
- WritePIDFile bool
- ProdMode bool
- RunUser string
- IsWindows bool
- HasRobotsTxt bool
- InternalToken string // internal access token
-
- // UILocation is the location on the UI, so that we can display the time on UI.
- // Currently only show the default time.Local, it could be added to app.ini after UI is ready
- UILocation = time.Local
- )
-
- func getAppPath() (string, error) {
- var appPath string
- var err error
- if IsWindows && filepath.IsAbs(os.Args[0]) {
- appPath = filepath.Clean(os.Args[0])
- } else {
- appPath, err = exec.LookPath(os.Args[0])
- }
-
- if err != nil {
- return "", err
- }
- appPath, err = filepath.Abs(appPath)
- if err != nil {
- return "", err
- }
- // Note: we don't use path.Dir here because it does not handle case
- // which path starts with two "/" in Windows: "//psf/Home/..."
- return strings.Replace(appPath, "\\", "/", -1), err
- }
-
- func getWorkPath(appPath string) string {
- workPath := AppWorkPath
-
- if giteaWorkPath, ok := os.LookupEnv("GITEA_WORK_DIR"); ok {
- workPath = giteaWorkPath
- }
- if len(workPath) == 0 {
- i := strings.LastIndex(appPath, "/")
- if i == -1 {
- workPath = appPath
- } else {
- workPath = appPath[:i]
- }
- }
- return strings.Replace(workPath, "\\", "/", -1)
- }
-
- func init() {
- IsWindows = runtime.GOOS == "windows"
- // We can rely on log.CanColorStdout being set properly because modules/log/console_windows.go comes before modules/setting/setting.go lexicographically
- log.NewLogger(0, "console", "console", fmt.Sprintf(`{"level": "trace", "colorize": %t, "stacktraceLevel": "none"}`, log.CanColorStdout))
-
- var err error
- if AppPath, err = getAppPath(); err != nil {
- log.Fatal("Failed to get app path: %v", err)
- }
- AppWorkPath = getWorkPath(AppPath)
- }
-
- func forcePathSeparator(path string) {
- if strings.Contains(path, "\\") {
- log.Fatal("Do not use '\\' or '\\\\' in paths, instead, please use '/' in all places")
- }
- }
-
- // IsRunUserMatchCurrentUser returns false if configured run user does not match
- // actual user that runs the app. The first return value is the actual user name.
- // This check is ignored under Windows since SSH remote login is not the main
- // method to login on Windows.
- func IsRunUserMatchCurrentUser(runUser string) (string, bool) {
- if IsWindows || SSH.StartBuiltinServer {
- return "", true
- }
-
- currentUser := user.CurrentUsername()
- return currentUser, runUser == currentUser
- }
-
- func createPIDFile(pidPath string) {
- currentPid := os.Getpid()
- if err := os.MkdirAll(filepath.Dir(pidPath), os.ModePerm); err != nil {
- log.Fatal("Failed to create PID folder: %v", err)
- }
-
- file, err := os.Create(pidPath)
- if err != nil {
- log.Fatal("Failed to create PID file: %v", err)
- }
- defer file.Close()
- if _, err := file.WriteString(strconv.FormatInt(int64(currentPid), 10)); err != nil {
- log.Fatal("Failed to write PID information: %v", err)
- }
- }
-
- // SetCustomPathAndConf will set CustomPath and CustomConf with reference to the
- // GITEA_CUSTOM environment variable and with provided overrides before stepping
- // back to the default
- func SetCustomPathAndConf(providedCustom, providedConf, providedWorkPath string) {
- if len(providedWorkPath) != 0 {
- AppWorkPath = filepath.ToSlash(providedWorkPath)
- }
- if giteaCustom, ok := os.LookupEnv("GITEA_CUSTOM"); ok {
- CustomPath = giteaCustom
- }
- if len(providedCustom) != 0 {
- CustomPath = providedCustom
- }
- if len(CustomPath) == 0 {
- CustomPath = path.Join(AppWorkPath, "custom")
- } else if !filepath.IsAbs(CustomPath) {
- CustomPath = path.Join(AppWorkPath, CustomPath)
- }
-
- if len(providedConf) != 0 {
- CustomConf = providedConf
- }
- if len(CustomConf) == 0 {
- CustomConf = path.Join(CustomPath, "conf/app.ini")
- } else if !filepath.IsAbs(CustomConf) {
- CustomConf = path.Join(CustomPath, CustomConf)
- log.Warn("Using 'custom' directory as relative origin for configuration file: '%s'", CustomConf)
- }
- }
-
- // NewContext initializes configuration context.
- // NOTE: do not print any log except error.
- func NewContext() {
- Cfg = ini.Empty()
-
- if WritePIDFile && len(PIDFile) > 0 {
- createPIDFile(PIDFile)
- }
-
- if com.IsFile(CustomConf) {
- if err := Cfg.Append(CustomConf); err != nil {
- log.Fatal("Failed to load custom conf '%s': %v", CustomConf, err)
- }
- } else {
- log.Warn("Custom config '%s' not found, ignore this if you're running first time", CustomConf)
- }
- Cfg.NameMapper = ini.SnackCase
-
- homeDir, err := com.HomeDir()
- if err != nil {
- log.Fatal("Failed to get home directory: %v", err)
- }
- homeDir = strings.Replace(homeDir, "\\", "/", -1)
-
- LogLevel = getLogLevel(Cfg.Section("log"), "LEVEL", "Info")
- StacktraceLogLevel = getStacktraceLogLevel(Cfg.Section("log"), "STACKTRACE_LEVEL", "None")
- LogRootPath = Cfg.Section("log").Key("ROOT_PATH").MustString(path.Join(AppWorkPath, "log"))
- forcePathSeparator(LogRootPath)
- RedirectMacaronLog = Cfg.Section("log").Key("REDIRECT_MACARON_LOG").MustBool(false)
- RouterLogLevel = log.FromString(Cfg.Section("log").Key("ROUTER_LOG_LEVEL").MustString("Info"))
-
- sec := Cfg.Section("server")
- AppName = Cfg.Section("").Key("APP_NAME").MustString("Gitea: Git with a cup of tea")
-
- Protocol = HTTP
- switch sec.Key("PROTOCOL").String() {
- case "https":
- Protocol = HTTPS
- CertFile = sec.Key("CERT_FILE").String()
- KeyFile = sec.Key("KEY_FILE").String()
- if !filepath.IsAbs(CertFile) && len(CertFile) > 0 {
- CertFile = filepath.Join(CustomPath, CertFile)
- }
- if !filepath.IsAbs(KeyFile) && len(KeyFile) > 0 {
- KeyFile = filepath.Join(CustomPath, KeyFile)
- }
- case "fcgi":
- Protocol = FCGI
- case "fcgi+unix":
- Protocol = FCGIUnix
- UnixSocketPermissionRaw := sec.Key("UNIX_SOCKET_PERMISSION").MustString("666")
- UnixSocketPermissionParsed, err := strconv.ParseUint(UnixSocketPermissionRaw, 8, 32)
- if err != nil || UnixSocketPermissionParsed > 0777 {
- log.Fatal("Failed to parse unixSocketPermission: %s", UnixSocketPermissionRaw)
- }
- UnixSocketPermission = uint32(UnixSocketPermissionParsed)
- case "unix":
- Protocol = UnixSocket
- UnixSocketPermissionRaw := sec.Key("UNIX_SOCKET_PERMISSION").MustString("666")
- UnixSocketPermissionParsed, err := strconv.ParseUint(UnixSocketPermissionRaw, 8, 32)
- if err != nil || UnixSocketPermissionParsed > 0777 {
- log.Fatal("Failed to parse unixSocketPermission: %s", UnixSocketPermissionRaw)
- }
- UnixSocketPermission = uint32(UnixSocketPermissionParsed)
- }
- EnableLetsEncrypt = sec.Key("ENABLE_LETSENCRYPT").MustBool(false)
- LetsEncryptTOS = sec.Key("LETSENCRYPT_ACCEPTTOS").MustBool(false)
- if !LetsEncryptTOS && EnableLetsEncrypt {
- log.Warn("Failed to enable Let's Encrypt due to Let's Encrypt TOS not being accepted")
- EnableLetsEncrypt = false
- }
- LetsEncryptDirectory = sec.Key("LETSENCRYPT_DIRECTORY").MustString("https")
- LetsEncryptEmail = sec.Key("LETSENCRYPT_EMAIL").MustString("")
- Domain = sec.Key("DOMAIN").MustString("localhost")
- HTTPAddr = sec.Key("HTTP_ADDR").MustString("0.0.0.0")
- HTTPPort = sec.Key("HTTP_PORT").MustString("3000")
- GracefulRestartable = sec.Key("ALLOW_GRACEFUL_RESTARTS").MustBool(true)
- GracefulHammerTime = sec.Key("GRACEFUL_HAMMER_TIME").MustDuration(60 * time.Second)
- StartupTimeout = sec.Key("STARTUP_TIMEOUT").MustDuration(0 * time.Second)
-
- defaultAppURL := string(Protocol) + "://" + Domain
- if (Protocol == HTTP && HTTPPort != "80") || (Protocol == HTTPS && HTTPPort != "443") {
- defaultAppURL += ":" + HTTPPort
- }
- AppURL = sec.Key("ROOT_URL").MustString(defaultAppURL)
- AppURL = strings.TrimSuffix(AppURL, "/") + "/"
-
- // Check if has app suburl.
- appURL, err := url.Parse(AppURL)
- if err != nil {
- log.Fatal("Invalid ROOT_URL '%s': %s", AppURL, err)
- }
- // Suburl should start with '/' and end without '/', such as '/{subpath}'.
- // This value is empty if site does not have sub-url.
- AppSubURL = strings.TrimSuffix(appURL.Path, "/")
- StaticURLPrefix = strings.TrimSuffix(sec.Key("STATIC_URL_PREFIX").MustString(AppSubURL), "/")
- AppSubURLDepth = strings.Count(AppSubURL, "/")
- // Check if Domain differs from AppURL domain than update it to AppURL's domain
- urlHostname := appURL.Hostname()
- if urlHostname != Domain && net.ParseIP(urlHostname) == nil && urlHostname != "" {
- Domain = urlHostname
- }
-
- var defaultLocalURL string
- switch Protocol {
- case UnixSocket:
- defaultLocalURL = "http://unix/"
- case FCGI:
- defaultLocalURL = AppURL
- case FCGIUnix:
- defaultLocalURL = AppURL
- default:
- defaultLocalURL = string(Protocol) + "://"
- if HTTPAddr == "0.0.0.0" {
- defaultLocalURL += net.JoinHostPort("localhost", HTTPPort) + "/"
- } else {
- defaultLocalURL += net.JoinHostPort(HTTPAddr, HTTPPort) + "/"
- }
- }
- LocalURL = sec.Key("LOCAL_ROOT_URL").MustString(defaultLocalURL)
- RedirectOtherPort = sec.Key("REDIRECT_OTHER_PORT").MustBool(false)
- PortToRedirect = sec.Key("PORT_TO_REDIRECT").MustString("80")
- OfflineMode = sec.Key("OFFLINE_MODE").MustBool()
- DisableRouterLog = sec.Key("DISABLE_ROUTER_LOG").MustBool()
- if len(StaticRootPath) == 0 {
- StaticRootPath = AppWorkPath
- }
- StaticRootPath = sec.Key("STATIC_ROOT_PATH").MustString(StaticRootPath)
- StaticCacheTime = sec.Key("STATIC_CACHE_TIME").MustDuration(6 * time.Hour)
- AppDataPath = sec.Key("APP_DATA_PATH").MustString(path.Join(AppWorkPath, "data"))
- EnableGzip = sec.Key("ENABLE_GZIP").MustBool()
- EnablePprof = sec.Key("ENABLE_PPROF").MustBool(false)
- PprofDataPath = sec.Key("PPROF_DATA_PATH").MustString(path.Join(AppWorkPath, "data/tmp/pprof"))
- if !filepath.IsAbs(PprofDataPath) {
- PprofDataPath = filepath.Join(AppWorkPath, PprofDataPath)
- }
-
- switch sec.Key("LANDING_PAGE").MustString("home") {
- case "explore":
- LandingPageURL = LandingPageExplore
- case "organizations":
- LandingPageURL = LandingPageOrganizations
- case "login":
- LandingPageURL = LandingPageLogin
- default:
- LandingPageURL = LandingPageHome
- }
-
- if len(SSH.Domain) == 0 {
- SSH.Domain = Domain
- }
- SSH.RootPath = path.Join(homeDir, ".ssh")
- serverCiphers := sec.Key("SSH_SERVER_CIPHERS").Strings(",")
- if len(serverCiphers) > 0 {
- SSH.ServerCiphers = serverCiphers
- }
- serverKeyExchanges := sec.Key("SSH_SERVER_KEY_EXCHANGES").Strings(",")
- if len(serverKeyExchanges) > 0 {
- SSH.ServerKeyExchanges = serverKeyExchanges
- }
- serverMACs := sec.Key("SSH_SERVER_MACS").Strings(",")
- if len(serverMACs) > 0 {
- SSH.ServerMACs = serverMACs
- }
- SSH.KeyTestPath = os.TempDir()
- if err = Cfg.Section("server").MapTo(&SSH); err != nil {
- log.Fatal("Failed to map SSH settings: %v", err)
- }
-
- SSH.KeygenPath = sec.Key("SSH_KEYGEN_PATH").MustString("ssh-keygen")
- SSH.Port = sec.Key("SSH_PORT").MustInt(22)
- SSH.ListenPort = sec.Key("SSH_LISTEN_PORT").MustInt(SSH.Port)
-
- // When disable SSH, start builtin server value is ignored.
- if SSH.Disabled {
- SSH.StartBuiltinServer = false
- }
-
- trustedUserCaKeys := sec.Key("SSH_TRUSTED_USER_CA_KEYS").Strings(",")
- for _, caKey := range trustedUserCaKeys {
- pubKey, _, _, _, err := gossh.ParseAuthorizedKey([]byte(caKey))
- if err != nil {
- log.Fatal("Failed to parse TrustedUserCaKeys: %s %v", caKey, err)
- }
-
- SSH.TrustedUserCAKeysParsed = append(SSH.TrustedUserCAKeysParsed, pubKey)
- }
- if len(trustedUserCaKeys) > 0 {
- // Set the default as email,username otherwise we can leave it empty
- sec.Key("SSH_AUTHORIZED_PRINCIPALS_ALLOW").MustString("username,email")
- } else {
- sec.Key("SSH_AUTHORIZED_PRINCIPALS_ALLOW").MustString("off")
- }
-
- SSH.AuthorizedPrincipalsAllow, SSH.AuthorizedPrincipalsEnabled = parseAuthorizedPrincipalsAllow(sec.Key("SSH_AUTHORIZED_PRINCIPALS_ALLOW").Strings(","))
-
- if !SSH.Disabled && !SSH.StartBuiltinServer {
- if err := os.MkdirAll(SSH.RootPath, 0700); err != nil {
- log.Fatal("Failed to create '%s': %v", SSH.RootPath, err)
- } else if err = os.MkdirAll(SSH.KeyTestPath, 0644); err != nil {
- log.Fatal("Failed to create '%s': %v", SSH.KeyTestPath, err)
- }
-
- if len(trustedUserCaKeys) > 0 && SSH.AuthorizedPrincipalsEnabled {
- fname := sec.Key("SSH_TRUSTED_USER_CA_KEYS_FILENAME").MustString(filepath.Join(SSH.RootPath, "gitea-trusted-user-ca-keys.pem"))
- if err := ioutil.WriteFile(fname,
- []byte(strings.Join(trustedUserCaKeys, "\n")), 0600); err != nil {
- log.Fatal("Failed to create '%s': %v", fname, err)
- }
- }
- }
-
- SSH.MinimumKeySizeCheck = sec.Key("MINIMUM_KEY_SIZE_CHECK").MustBool(SSH.MinimumKeySizeCheck)
- minimumKeySizes := Cfg.Section("ssh.minimum_key_sizes").Keys()
- for _, key := range minimumKeySizes {
- if key.MustInt() != -1 {
- SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt()
- } else {
- delete(SSH.MinimumKeySizes, strings.ToLower(key.Name()))
- }
- }
-
- SSH.AuthorizedKeysBackup = sec.Key("SSH_AUTHORIZED_KEYS_BACKUP").MustBool(true)
- SSH.CreateAuthorizedKeysFile = sec.Key("SSH_CREATE_AUTHORIZED_KEYS_FILE").MustBool(true)
-
- SSH.AuthorizedPrincipalsBackup = false
- SSH.CreateAuthorizedPrincipalsFile = false
- if SSH.AuthorizedPrincipalsEnabled {
- SSH.AuthorizedPrincipalsBackup = sec.Key("SSH_AUTHORIZED_PRINCIPALS_BACKUP").MustBool(true)
- SSH.CreateAuthorizedPrincipalsFile = sec.Key("SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE").MustBool(true)
- }
-
- SSH.ExposeAnonymous = sec.Key("SSH_EXPOSE_ANONYMOUS").MustBool(false)
-
- if err = Cfg.Section("oauth2").MapTo(&OAuth2); err != nil {
- log.Fatal("Failed to OAuth2 settings: %v", err)
- return
- }
-
- if OAuth2.Enable {
- OAuth2.JWTSecretBytes = make([]byte, 32)
- n, err := base64.RawURLEncoding.Decode(OAuth2.JWTSecretBytes, []byte(OAuth2.JWTSecretBase64))
-
- if err != nil || n != 32 {
- OAuth2.JWTSecretBase64, err = generate.NewJwtSecret()
- if err != nil {
- log.Fatal("error generating JWT secret: %v", err)
- return
- }
- cfg := ini.Empty()
- if com.IsFile(CustomConf) {
- if err := cfg.Append(CustomConf); err != nil {
- log.Error("failed to load custom conf %s: %v", CustomConf, err)
- return
- }
- }
- cfg.Section("oauth2").Key("JWT_SECRET").SetValue(OAuth2.JWTSecretBase64)
-
- if err := os.MkdirAll(filepath.Dir(CustomConf), os.ModePerm); err != nil {
- log.Fatal("failed to create '%s': %v", CustomConf, err)
- return
- }
- if err := cfg.SaveTo(CustomConf); err != nil {
- log.Fatal("error saving generating JWT secret to custom config: %v", err)
- return
- }
- }
- }
-
- sec = Cfg.Section("admin")
- Admin.DefaultEmailNotification = sec.Key("DEFAULT_EMAIL_NOTIFICATIONS").MustString("enabled")
-
- sec = Cfg.Section("security")
- InstallLock = sec.Key("INSTALL_LOCK").MustBool(false)
- SecretKey = sec.Key("SECRET_KEY").MustString("!#@FDEWREWR&*(")
- LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt(7)
- CookieUserName = sec.Key("COOKIE_USERNAME").MustString("gitea_awesome")
- CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").MustString("gitea_incredible")
- ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
- ReverseProxyAuthEmail = sec.Key("REVERSE_PROXY_AUTHENTICATION_EMAIL").MustString("X-WEBAUTH-EMAIL")
- MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
- ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
- DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(true)
- OnlyAllowPushIfGiteaEnvironmentSet = sec.Key("ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET").MustBool(true)
- PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("argon2")
- CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true)
- PasswordCheckPwn = sec.Key("PASSWORD_CHECK_PWN").MustBool(false)
-
- InternalToken = loadInternalToken(sec)
-
- cfgdata := sec.Key("PASSWORD_COMPLEXITY").Strings(",")
- if len(cfgdata) == 0 {
- cfgdata = []string{"off"}
- }
- PasswordComplexity = make([]string, 0, len(cfgdata))
- for _, name := range cfgdata {
- name := strings.ToLower(strings.Trim(name, `"`))
- if name != "" {
- PasswordComplexity = append(PasswordComplexity, name)
- }
- }
-
- newStorageService()
- newAttachmentService()
- newLFSService()
-
- timeFormatKey := Cfg.Section("time").Key("FORMAT").MustString("")
- if timeFormatKey != "" {
- TimeFormat = map[string]string{
- "ANSIC": time.ANSIC,
- "UnixDate": time.UnixDate,
- "RubyDate": time.RubyDate,
- "RFC822": time.RFC822,
- "RFC822Z": time.RFC822Z,
- "RFC850": time.RFC850,
- "RFC1123": time.RFC1123,
- "RFC1123Z": time.RFC1123Z,
- "RFC3339": time.RFC3339,
- "RFC3339Nano": time.RFC3339Nano,
- "Kitchen": time.Kitchen,
- "Stamp": time.Stamp,
- "StampMilli": time.StampMilli,
- "StampMicro": time.StampMicro,
- "StampNano": time.StampNano,
- }[timeFormatKey]
- // When the TimeFormatKey does not exist in the previous map e.g.'2006-01-02 15:04:05'
- if len(TimeFormat) == 0 {
- TimeFormat = timeFormatKey
- TestTimeFormat, _ := time.Parse(TimeFormat, TimeFormat)
- if TestTimeFormat.Format(time.RFC3339) != "2006-01-02T15:04:05Z" {
- log.Warn("Provided TimeFormat: %s does not create a fully specified date and time.", TimeFormat)
- log.Warn("In order to display dates and times correctly please check your time format has 2006, 01, 02, 15, 04 and 05")
- }
- log.Trace("Custom TimeFormat: %s", TimeFormat)
- }
- }
-
- zone := Cfg.Section("time").Key("DEFAULT_UI_LOCATION").String()
- if zone != "" {
- DefaultUILocation, err = time.LoadLocation(zone)
- if err != nil {
- log.Fatal("Load time zone failed: %v", err)
- } else {
- log.Info("Default UI Location is %v", zone)
- }
- }
- if DefaultUILocation == nil {
- DefaultUILocation = time.Local
- }
-
- RunUser = Cfg.Section("").Key("RUN_USER").MustString(user.CurrentUsername())
- // Does not check run user when the install lock is off.
- if InstallLock {
- currentUser, match := IsRunUserMatchCurrentUser(RunUser)
- if !match {
- log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
- }
- }
-
- SSH.BuiltinServerUser = Cfg.Section("server").Key("BUILTIN_SSH_SERVER_USER").MustString(RunUser)
-
- newRepository()
-
- sec = Cfg.Section("picture")
- AvatarUploadPath = sec.Key("AVATAR_UPLOAD_PATH").MustString(path.Join(AppDataPath, "avatars"))
- forcePathSeparator(AvatarUploadPath)
- if !filepath.IsAbs(AvatarUploadPath) {
- AvatarUploadPath = path.Join(AppWorkPath, AvatarUploadPath)
- }
- RepositoryAvatarUploadPath = sec.Key("REPOSITORY_AVATAR_UPLOAD_PATH").MustString(path.Join(AppDataPath, "repo-avatars"))
- forcePathSeparator(RepositoryAvatarUploadPath)
- if !filepath.IsAbs(RepositoryAvatarUploadPath) {
- RepositoryAvatarUploadPath = path.Join(AppWorkPath, RepositoryAvatarUploadPath)
- }
- RepositoryAvatarFallback = sec.Key("REPOSITORY_AVATAR_FALLBACK").MustString("none")
- RepositoryAvatarFallbackImage = sec.Key("REPOSITORY_AVATAR_FALLBACK_IMAGE").MustString("/img/repo_default.png")
- AvatarMaxWidth = sec.Key("AVATAR_MAX_WIDTH").MustInt(4096)
- AvatarMaxHeight = sec.Key("AVATAR_MAX_HEIGHT").MustInt(3072)
- AvatarMaxFileSize = sec.Key("AVATAR_MAX_FILE_SIZE").MustInt64(1048576)
- switch source := sec.Key("GRAVATAR_SOURCE").MustString("gravatar"); source {
- case "duoshuo":
- GravatarSource = "http://gravatar.duoshuo.com/avatar/"
- case "gravatar":
- GravatarSource = "https://secure.gravatar.com/avatar/"
- case "libravatar":
- GravatarSource = "https://seccdn.libravatar.org/avatar/"
- default:
- GravatarSource = source
- }
- DisableGravatar = sec.Key("DISABLE_GRAVATAR").MustBool()
- EnableFederatedAvatar = sec.Key("ENABLE_FEDERATED_AVATAR").MustBool(!InstallLock)
- if OfflineMode {
- DisableGravatar = true
- EnableFederatedAvatar = false
- }
- if DisableGravatar {
- EnableFederatedAvatar = false
- }
- if EnableFederatedAvatar || !DisableGravatar {
- GravatarSourceURL, err = url.Parse(GravatarSource)
- if err != nil {
- log.Fatal("Failed to parse Gravatar URL(%s): %v",
- GravatarSource, err)
- }
- }
-
- if EnableFederatedAvatar {
- LibravatarService = libravatar.New()
- if GravatarSourceURL.Scheme == "https" {
- LibravatarService.SetUseHTTPS(true)
- LibravatarService.SetSecureFallbackHost(GravatarSourceURL.Host)
- } else {
- LibravatarService.SetUseHTTPS(false)
- LibravatarService.SetFallbackHost(GravatarSourceURL.Host)
- }
- }
-
- if err = Cfg.Section("ui").MapTo(&UI); err != nil {
- log.Fatal("Failed to map UI settings: %v", err)
- } else if err = Cfg.Section("markdown").MapTo(&Markdown); err != nil {
- log.Fatal("Failed to map Markdown settings: %v", err)
- } else if err = Cfg.Section("admin").MapTo(&Admin); err != nil {
- log.Fatal("Fail to map Admin settings: %v", err)
- } else if err = Cfg.Section("api").MapTo(&API); err != nil {
- log.Fatal("Failed to map API settings: %v", err)
- } else if err = Cfg.Section("metrics").MapTo(&Metrics); err != nil {
- log.Fatal("Failed to map Metrics settings: %v", err)
- }
-
- u := *appURL
- u.Path = path.Join(u.Path, "api", "swagger")
- API.SwaggerURL = u.String()
-
- newGit()
-
- sec = Cfg.Section("mirror")
- Mirror.MinInterval = sec.Key("MIN_INTERVAL").MustDuration(10 * time.Minute)
- Mirror.DefaultInterval = sec.Key("DEFAULT_INTERVAL").MustDuration(8 * time.Hour)
- if Mirror.MinInterval.Minutes() < 1 {
- log.Warn("Mirror.MinInterval is too low")
- Mirror.MinInterval = 1 * time.Minute
- }
- if Mirror.DefaultInterval < Mirror.MinInterval {
- log.Warn("Mirror.DefaultInterval is less than Mirror.MinInterval")
- Mirror.DefaultInterval = time.Hour * 8
- }
-
- Langs = Cfg.Section("i18n").Key("LANGS").Strings(",")
- if len(Langs) == 0 {
- Langs = []string{
- "en-US", "zh-CN", "zh-HK", "zh-TW", "de-DE", "fr-FR", "nl-NL", "lv-LV",
- "ru-RU", "uk-UA", "ja-JP", "es-ES", "pt-BR", "pt-PT", "pl-PL", "bg-BG",
- "it-IT", "fi-FI", "tr-TR", "cs-CZ", "sr-SP", "sv-SE", "ko-KR"}
- }
- Names = Cfg.Section("i18n").Key("NAMES").Strings(",")
- if len(Names) == 0 {
- Names = []string{"English", "简体中文", "繁體中文(香港)", "繁體中文(台灣)", "Deutsch",
- "français", "Nederlands", "latviešu", "русский", "Українська", "日本語",
- "español", "português do Brasil", "Português de Portugal", "polski", "български",
- "italiano", "suomi", "Türkçe", "čeština", "српски", "svenska", "한국어"}
- }
-
- ShowFooterBranding = Cfg.Section("other").Key("SHOW_FOOTER_BRANDING").MustBool(false)
- ShowFooterVersion = Cfg.Section("other").Key("SHOW_FOOTER_VERSION").MustBool(true)
- ShowFooterTemplateLoadTime = Cfg.Section("other").Key("SHOW_FOOTER_TEMPLATE_LOAD_TIME").MustBool(true)
-
- UI.ShowUserEmail = Cfg.Section("ui").Key("SHOW_USER_EMAIL").MustBool(true)
- UI.DefaultShowFullName = Cfg.Section("ui").Key("DEFAULT_SHOW_FULL_NAME").MustBool(false)
- UI.SearchRepoDescription = Cfg.Section("ui").Key("SEARCH_REPO_DESCRIPTION").MustBool(true)
- UI.UseServiceWorker = Cfg.Section("ui").Key("USE_SERVICE_WORKER").MustBool(true)
-
- HasRobotsTxt = com.IsFile(path.Join(CustomPath, "robots.txt"))
-
- newMarkup()
-
- sec = Cfg.Section("U2F")
- U2F.TrustedFacets, _ = shellquote.Split(sec.Key("TRUSTED_FACETS").MustString(strings.TrimSuffix(AppURL, AppSubURL+"/")))
- U2F.AppID = sec.Key("APP_ID").MustString(strings.TrimSuffix(AppURL, "/"))
-
- UI.ReactionsMap = make(map[string]bool)
- for _, reaction := range UI.Reactions {
- UI.ReactionsMap[reaction] = true
- }
- }
-
- func parseAuthorizedPrincipalsAllow(values []string) ([]string, bool) {
- anything := false
- email := false
- username := false
- for _, value := range values {
- v := strings.ToLower(strings.TrimSpace(value))
- switch v {
- case "off":
- return []string{"off"}, false
- case "email":
- email = true
- case "username":
- username = true
- case "anything":
- anything = true
- }
- }
- if anything {
- return []string{"anything"}, true
- }
-
- authorizedPrincipalsAllow := []string{}
- if username {
- authorizedPrincipalsAllow = append(authorizedPrincipalsAllow, "username")
- }
- if email {
- authorizedPrincipalsAllow = append(authorizedPrincipalsAllow, "email")
- }
-
- return authorizedPrincipalsAllow, true
- }
-
- func loadInternalToken(sec *ini.Section) string {
- uri := sec.Key("INTERNAL_TOKEN_URI").String()
- if len(uri) == 0 {
- return loadOrGenerateInternalToken(sec)
- }
- tempURI, err := url.Parse(uri)
- if err != nil {
- log.Fatal("Failed to parse INTERNAL_TOKEN_URI (%s): %v", uri, err)
- }
- switch tempURI.Scheme {
- case "file":
- fp, err := os.OpenFile(tempURI.RequestURI(), os.O_RDWR, 0600)
- if err != nil {
- log.Fatal("Failed to open InternalTokenURI (%s): %v", uri, err)
- }
- defer fp.Close()
-
- buf, err := ioutil.ReadAll(fp)
- if err != nil {
- log.Fatal("Failed to read InternalTokenURI (%s): %v", uri, err)
- }
- // No token in the file, generate one and store it.
- if len(buf) == 0 {
- token, err := generate.NewInternalToken()
- if err != nil {
- log.Fatal("Error generate internal token: %v", err)
- }
- if _, err := io.WriteString(fp, token); err != nil {
- log.Fatal("Error writing to InternalTokenURI (%s): %v", uri, err)
- }
- return token
- }
-
- return strings.TrimSpace(string(buf))
- default:
- log.Fatal("Unsupported URI-Scheme %q (INTERNAL_TOKEN_URI = %q)", tempURI.Scheme, uri)
- }
- return ""
- }
-
- func loadOrGenerateInternalToken(sec *ini.Section) string {
- var err error
- token := sec.Key("INTERNAL_TOKEN").String()
- if len(token) == 0 {
- token, err = generate.NewInternalToken()
- if err != nil {
- log.Fatal("Error generate internal token: %v", err)
- }
-
- // Save secret
- cfgSave := ini.Empty()
- if com.IsFile(CustomConf) {
- // Keeps custom settings if there is already something.
- if err := cfgSave.Append(CustomConf); err != nil {
- log.Error("Failed to load custom conf '%s': %v", CustomConf, err)
- }
- }
-
- cfgSave.Section("security").Key("INTERNAL_TOKEN").SetValue(token)
-
- if err := os.MkdirAll(filepath.Dir(CustomConf), os.ModePerm); err != nil {
- log.Fatal("Failed to create '%s': %v", CustomConf, err)
- }
- if err := cfgSave.SaveTo(CustomConf); err != nil {
- log.Fatal("Error saving generated INTERNAL_TOKEN to custom config: %v", err)
- }
- }
- return token
- }
-
- // NewServices initializes the services
- func NewServices() {
- InitDBConfig()
- newService()
- NewLogServices(false)
- newCacheService()
- newSessionService()
- newCORSService()
- newMailService()
- newRegisterMailService()
- newNotifyMailService()
- newWebhookService()
- newMigrationsService()
- newIndexerService()
- newTaskService()
- NewQueueService()
- newProject()
- }
|