12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361 |
- // Copyright 2014 The Gogs Authors. All rights reserved.
- // Copyright 2017 The Gitea Authors. All rights reserved.
- // SPDX-License-Identifier: MIT
-
- package setting
-
- import (
- "encoding/base64"
- "fmt"
- "math"
- "net"
- "net/url"
- "os"
- "os/exec"
- "path"
- "path/filepath"
- "runtime"
- "strconv"
- "strings"
- "text/template"
- "time"
-
- "code.gitea.io/gitea/modules/container"
- "code.gitea.io/gitea/modules/generate"
- "code.gitea.io/gitea/modules/json"
- "code.gitea.io/gitea/modules/log"
- "code.gitea.io/gitea/modules/user"
- "code.gitea.io/gitea/modules/util"
-
- gossh "golang.org/x/crypto/ssh"
- ini "gopkg.in/ini.v1"
- )
-
- // Scheme describes protocol types
- type Scheme string
-
- // enumerates all the scheme types
- const (
- HTTP Scheme = "http"
- HTTPS Scheme = "https"
- FCGI Scheme = "fcgi"
- FCGIUnix Scheme = "fcgi+unix"
- HTTPUnix Scheme = "http+unix"
- )
-
- // LandingPage describes the default page
- type LandingPage string
-
- // enumerates all the landing page types
- const (
- LandingPageHome LandingPage = "/"
- LandingPageExplore LandingPage = "/explore"
- LandingPageOrganizations LandingPage = "/explore/organizations"
- LandingPageLogin LandingPage = "/user/login"
- )
-
- // enumerates all the types of captchas
- const (
- ImageCaptcha = "image"
- ReCaptcha = "recaptcha"
- HCaptcha = "hcaptcha"
- MCaptcha = "mcaptcha"
- )
-
- // settings
- var (
- // AppVer is the version of the current build of Gitea. It is set in main.go from main.Version.
- AppVer string
- // AppBuiltWith represents a human readable version go runtime build version and build tags. (See main.go formatBuiltWith().)
- AppBuiltWith string
- // AppStartTime store time gitea has started
- AppStartTime time.Time
- // AppName is the Application name, used in the page title.
- // It maps to ini:"APP_NAME"
- AppName string
- // AppURL is the Application ROOT_URL. It always has a '/' suffix
- // It maps to ini:"ROOT_URL"
- AppURL string
- // AppSubURL represents the sub-url mounting point for gitea. It is either "" or starts with '/' and ends without '/', such as '/{subpath}'.
- // This value is empty if site does not have sub-url.
- AppSubURL string
- // AppPath represents the path to the gitea binary
- AppPath string
- // AppWorkPath is the "working directory" of Gitea. It maps to the environment variable GITEA_WORK_DIR.
- // If that is not set it is the default set here by the linker or failing that the directory of AppPath.
- //
- // AppWorkPath is used as the base path for several other paths.
- AppWorkPath string
- // AppDataPath is the default path for storing data.
- // It maps to ini:"APP_DATA_PATH" in [server] and defaults to AppWorkPath + "/data"
- AppDataPath string
- // LocalURL is the url for locally running applications to contact Gitea. It always has a '/' suffix
- // It maps to ini:"LOCAL_ROOT_URL" in [server]
- LocalURL string
- // AssetVersion holds a opaque value that is used for cache-busting assets
- AssetVersion string
-
- // Server settings
- Protocol Scheme
- UseProxyProtocol bool // `ini:"USE_PROXY_PROTOCOL"`
- ProxyProtocolTLSBridging bool //`ini:"PROXY_PROTOCOL_TLS_BRIDGING"`
- ProxyProtocolHeaderTimeout time.Duration
- ProxyProtocolAcceptUnknown bool
- Domain string
- HTTPAddr string
- HTTPPort string
- LocalUseProxyProtocol bool
- RedirectOtherPort bool
- RedirectorUseProxyProtocol bool
- PortToRedirect string
- OfflineMode bool
- CertFile string
- KeyFile string
- StaticRootPath string
- StaticCacheTime time.Duration
- EnableGzip bool
- LandingPageURL LandingPage
- LandingPageCustom string
- UnixSocketPermission uint32
- EnablePprof bool
- PprofDataPath string
- EnableAcme bool
- AcmeTOS bool
- AcmeLiveDirectory string
- AcmeEmail string
- AcmeURL string
- AcmeCARoot string
- SSLMinimumVersion string
- SSLMaximumVersion string
- SSLCurvePreferences []string
- SSLCipherSuites []string
- GracefulRestartable bool
- GracefulHammerTime time.Duration
- StartupTimeout time.Duration
- PerWriteTimeout = 30 * time.Second
- PerWritePerKbTimeout = 10 * time.Second
- StaticURLPrefix string
- AbsoluteAssetURL string
-
- SSH = struct {
- Disabled bool `ini:"DISABLE_SSH"`
- StartBuiltinServer bool `ini:"START_SSH_SERVER"`
- BuiltinServerUser string `ini:"BUILTIN_SSH_SERVER_USER"`
- UseProxyProtocol bool `ini:"SSH_SERVER_USE_PROXY_PROTOCOL"`
- Domain string `ini:"SSH_DOMAIN"`
- Port int `ini:"SSH_PORT"`
- User string `ini:"SSH_USER"`
- ListenHost string `ini:"SSH_LISTEN_HOST"`
- ListenPort int `ini:"SSH_LISTEN_PORT"`
- RootPath string `ini:"SSH_ROOT_PATH"`
- ServerCiphers []string `ini:"SSH_SERVER_CIPHERS"`
- ServerKeyExchanges []string `ini:"SSH_SERVER_KEY_EXCHANGES"`
- ServerMACs []string `ini:"SSH_SERVER_MACS"`
- ServerHostKeys []string `ini:"SSH_SERVER_HOST_KEYS"`
- KeyTestPath string `ini:"SSH_KEY_TEST_PATH"`
- KeygenPath string `ini:"SSH_KEYGEN_PATH"`
- AuthorizedKeysBackup bool `ini:"SSH_AUTHORIZED_KEYS_BACKUP"`
- AuthorizedPrincipalsBackup bool `ini:"SSH_AUTHORIZED_PRINCIPALS_BACKUP"`
- AuthorizedKeysCommandTemplate string `ini:"SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE"`
- AuthorizedKeysCommandTemplateTemplate *template.Template `ini:"-"`
- MinimumKeySizeCheck bool `ini:"-"`
- MinimumKeySizes map[string]int `ini:"-"`
- CreateAuthorizedKeysFile bool `ini:"SSH_CREATE_AUTHORIZED_KEYS_FILE"`
- CreateAuthorizedPrincipalsFile bool `ini:"SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE"`
- ExposeAnonymous bool `ini:"SSH_EXPOSE_ANONYMOUS"`
- AuthorizedPrincipalsAllow []string `ini:"SSH_AUTHORIZED_PRINCIPALS_ALLOW"`
- AuthorizedPrincipalsEnabled bool `ini:"-"`
- TrustedUserCAKeys []string `ini:"SSH_TRUSTED_USER_CA_KEYS"`
- TrustedUserCAKeysFile string `ini:"SSH_TRUSTED_USER_CA_KEYS_FILENAME"`
- TrustedUserCAKeysParsed []gossh.PublicKey `ini:"-"`
- PerWriteTimeout time.Duration `ini:"SSH_PER_WRITE_TIMEOUT"`
- PerWritePerKbTimeout time.Duration `ini:"SSH_PER_WRITE_PER_KB_TIMEOUT"`
- }{
- Disabled: false,
- StartBuiltinServer: false,
- Domain: "",
- Port: 22,
- ServerCiphers: []string{"chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"},
- ServerKeyExchanges: []string{"curve25519-sha256", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1"},
- ServerMACs: []string{"hmac-sha2-256-etm@openssh.com", "hmac-sha2-256", "hmac-sha1"},
- KeygenPath: "ssh-keygen",
- MinimumKeySizeCheck: true,
- MinimumKeySizes: map[string]int{"ed25519": 256, "ed25519-sk": 256, "ecdsa": 256, "ecdsa-sk": 256, "rsa": 2047},
- ServerHostKeys: []string{"ssh/gitea.rsa", "ssh/gogs.rsa"},
- AuthorizedKeysCommandTemplate: "{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}",
- PerWriteTimeout: PerWriteTimeout,
- PerWritePerKbTimeout: PerWritePerKbTimeout,
- }
-
- // Security settings
- InstallLock bool
- SecretKey string
- LogInRememberDays int
- CookieUserName string
- CookieRememberName string
- ReverseProxyAuthUser string
- ReverseProxyAuthEmail string
- ReverseProxyAuthFullName string
- ReverseProxyLimit int
- ReverseProxyTrustedProxies []string
- MinPasswordLength int
- ImportLocalPaths bool
- DisableGitHooks bool
- DisableWebhooks bool
- OnlyAllowPushIfGiteaEnvironmentSet bool
- PasswordComplexity []string
- PasswordHashAlgo string
- PasswordCheckPwn bool
- SuccessfulTokensCacheSize int
-
- Camo = struct {
- Enabled bool
- ServerURL string `ini:"SERVER_URL"`
- HMACKey string `ini:"HMAC_KEY"`
- Allways bool
- }{}
-
- // UI settings
- UI = struct {
- ExplorePagingNum int
- SitemapPagingNum int
- IssuePagingNum int
- RepoSearchPagingNum int
- MembersPagingNum int
- FeedMaxCommitNum int
- FeedPagingNum int
- PackagesPagingNum int
- GraphMaxCommitNum int
- CodeCommentLines int
- ReactionMaxUserNum int
- ThemeColorMetaTag string
- MaxDisplayFileSize int64
- ShowUserEmail bool
- DefaultShowFullName bool
- DefaultTheme string
- Themes []string
- Reactions []string
- ReactionsLookup container.Set[string] `ini:"-"`
- CustomEmojis []string
- CustomEmojisMap map[string]string `ini:"-"`
- SearchRepoDescription bool
- UseServiceWorker bool
- OnlyShowRelevantRepos bool
-
- Notification struct {
- MinTimeout time.Duration
- TimeoutStep time.Duration
- MaxTimeout time.Duration
- EventSourceUpdateTime time.Duration
- } `ini:"ui.notification"`
-
- SVG struct {
- Enabled bool `ini:"ENABLE_RENDER"`
- } `ini:"ui.svg"`
-
- CSV struct {
- MaxFileSize int64
- } `ini:"ui.csv"`
-
- Admin struct {
- UserPagingNum int
- RepoPagingNum int
- NoticePagingNum int
- OrgPagingNum int
- } `ini:"ui.admin"`
- User struct {
- RepoPagingNum int
- } `ini:"ui.user"`
- Meta struct {
- Author string
- Description string
- Keywords string
- } `ini:"ui.meta"`
- }{
- ExplorePagingNum: 20,
- SitemapPagingNum: 20,
- IssuePagingNum: 20,
- RepoSearchPagingNum: 20,
- MembersPagingNum: 20,
- FeedMaxCommitNum: 5,
- FeedPagingNum: 20,
- PackagesPagingNum: 20,
- GraphMaxCommitNum: 100,
- CodeCommentLines: 4,
- ReactionMaxUserNum: 10,
- ThemeColorMetaTag: `#6cc644`,
- MaxDisplayFileSize: 8388608,
- DefaultTheme: `auto`,
- Themes: []string{`auto`, `gitea`, `arc-green`},
- Reactions: []string{`+1`, `-1`, `laugh`, `hooray`, `confused`, `heart`, `rocket`, `eyes`},
- CustomEmojis: []string{`git`, `gitea`, `codeberg`, `gitlab`, `github`, `gogs`},
- CustomEmojisMap: map[string]string{"git": ":git:", "gitea": ":gitea:", "codeberg": ":codeberg:", "gitlab": ":gitlab:", "github": ":github:", "gogs": ":gogs:"},
- Notification: struct {
- MinTimeout time.Duration
- TimeoutStep time.Duration
- MaxTimeout time.Duration
- EventSourceUpdateTime time.Duration
- }{
- MinTimeout: 10 * time.Second,
- TimeoutStep: 10 * time.Second,
- MaxTimeout: 60 * time.Second,
- EventSourceUpdateTime: 10 * time.Second,
- },
- SVG: struct {
- Enabled bool `ini:"ENABLE_RENDER"`
- }{
- Enabled: true,
- },
- CSV: struct {
- MaxFileSize int64
- }{
- MaxFileSize: 524288,
- },
- Admin: struct {
- UserPagingNum int
- RepoPagingNum int
- NoticePagingNum int
- OrgPagingNum int
- }{
- UserPagingNum: 50,
- RepoPagingNum: 50,
- NoticePagingNum: 25,
- OrgPagingNum: 50,
- },
- User: struct {
- RepoPagingNum int
- }{
- RepoPagingNum: 15,
- },
- Meta: struct {
- Author string
- Description string
- Keywords string
- }{
- Author: "Gitea - Git with a cup of tea",
- Description: "Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go",
- Keywords: "go,git,self-hosted,gitea",
- },
- }
-
- // Markdown settings
- Markdown = struct {
- EnableHardLineBreakInComments bool
- EnableHardLineBreakInDocuments bool
- CustomURLSchemes []string `ini:"CUSTOM_URL_SCHEMES"`
- FileExtensions []string
- EnableMath bool
- }{
- EnableHardLineBreakInComments: true,
- EnableHardLineBreakInDocuments: false,
- FileExtensions: strings.Split(".md,.markdown,.mdown,.mkd", ","),
- EnableMath: true,
- }
-
- // Admin settings
- Admin struct {
- DisableRegularOrgCreation bool
- DefaultEmailNotification string
- }
-
- // Log settings
- LogLevel log.Level
- StacktraceLogLevel string
- LogRootPath string
- EnableSSHLog bool
- EnableXORMLog bool
-
- DisableRouterLog bool
-
- EnableAccessLog bool
- AccessLogTemplate string
-
- // Time settings
- TimeFormat string
- // UILocation is the location on the UI, so that we can display the time on UI.
- DefaultUILocation = time.Local
-
- CSRFCookieName = "_csrf"
- CSRFCookieHTTPOnly = true
-
- ManifestData string
-
- // API settings
- API = struct {
- EnableSwagger bool
- SwaggerURL string
- MaxResponseItems int
- DefaultPagingNum int
- DefaultGitTreesPerPage int
- DefaultMaxBlobSize int64
- }{
- EnableSwagger: true,
- SwaggerURL: "",
- MaxResponseItems: 50,
- DefaultPagingNum: 30,
- DefaultGitTreesPerPage: 1000,
- DefaultMaxBlobSize: 10485760,
- }
-
- OAuth2 = struct {
- Enable bool
- AccessTokenExpirationTime int64
- RefreshTokenExpirationTime int64
- InvalidateRefreshTokens bool
- JWTSigningAlgorithm string `ini:"JWT_SIGNING_ALGORITHM"`
- JWTSecretBase64 string `ini:"JWT_SECRET"`
- JWTSigningPrivateKeyFile string `ini:"JWT_SIGNING_PRIVATE_KEY_FILE"`
- MaxTokenLength int
- }{
- Enable: true,
- AccessTokenExpirationTime: 3600,
- RefreshTokenExpirationTime: 730,
- InvalidateRefreshTokens: false,
- JWTSigningAlgorithm: "RS256",
- JWTSigningPrivateKeyFile: "jwt/private.pem",
- MaxTokenLength: math.MaxInt16,
- }
-
- // Metrics settings
- Metrics = struct {
- Enabled bool
- Token string
- EnabledIssueByLabel bool
- EnabledIssueByRepository bool
- }{
- Enabled: false,
- Token: "",
- EnabledIssueByLabel: false,
- EnabledIssueByRepository: false,
- }
-
- // I18n settings
- Langs []string
- Names []string
-
- // Highlight settings are loaded in modules/template/highlight.go
-
- // Other settings
- ShowFooterBranding bool
- ShowFooterVersion bool
- ShowFooterTemplateLoadTime bool
- EnableFeed bool
-
- // Global setting objects
- Cfg *ini.File
- CustomPath string // Custom directory path
- CustomConf string
- PIDFile = "/run/gitea.pid"
- WritePIDFile bool
- RunMode string
- IsProd bool
- RunUser string
- IsWindows bool
- HasRobotsTxt bool
- EnableSitemap bool
- InternalToken string // internal access token
- )
-
- func getAppPath() (string, error) {
- var appPath string
- var err error
- if IsWindows && filepath.IsAbs(os.Args[0]) {
- appPath = filepath.Clean(os.Args[0])
- } else {
- appPath, err = exec.LookPath(os.Args[0])
- }
-
- if err != nil {
- // FIXME: Once we switch to go 1.19 use !errors.Is(err, exec.ErrDot)
- if !strings.Contains(err.Error(), "cannot run executable found relative to current directory") {
- return "", err
- }
- appPath, err = filepath.Abs(os.Args[0])
- }
- if err != nil {
- return "", err
- }
- appPath, err = filepath.Abs(appPath)
- if err != nil {
- return "", err
- }
- // Note: we don't use path.Dir here because it does not handle case
- // which path starts with two "/" in Windows: "//psf/Home/..."
- return strings.ReplaceAll(appPath, "\\", "/"), err
- }
-
- func getWorkPath(appPath string) string {
- workPath := AppWorkPath
-
- if giteaWorkPath, ok := os.LookupEnv("GITEA_WORK_DIR"); ok {
- workPath = giteaWorkPath
- }
- if len(workPath) == 0 {
- i := strings.LastIndex(appPath, "/")
- if i == -1 {
- workPath = appPath
- } else {
- workPath = appPath[:i]
- }
- }
- workPath = strings.ReplaceAll(workPath, "\\", "/")
- if !filepath.IsAbs(workPath) {
- log.Info("Provided work path %s is not absolute - will be made absolute against the current working directory", workPath)
-
- absPath, err := filepath.Abs(workPath)
- if err != nil {
- log.Error("Unable to absolute %s against the current working directory %v. Will absolute against the AppPath %s", workPath, err, appPath)
- workPath = filepath.Join(appPath, workPath)
- } else {
- workPath = absPath
- }
- }
- return strings.ReplaceAll(workPath, "\\", "/")
- }
-
- func init() {
- IsWindows = runtime.GOOS == "windows"
- // We can rely on log.CanColorStdout being set properly because modules/log/console_windows.go comes before modules/setting/setting.go lexicographically
- // By default set this logger at Info - we'll change it later but we need to start with something.
- log.NewLogger(0, "console", "console", fmt.Sprintf(`{"level": "info", "colorize": %t, "stacktraceLevel": "none"}`, log.CanColorStdout))
-
- var err error
- if AppPath, err = getAppPath(); err != nil {
- log.Fatal("Failed to get app path: %v", err)
- }
- AppWorkPath = getWorkPath(AppPath)
- }
-
- func forcePathSeparator(path string) {
- if strings.Contains(path, "\\") {
- log.Fatal("Do not use '\\' or '\\\\' in paths, instead, please use '/' in all places")
- }
- }
-
- // IsRunUserMatchCurrentUser returns false if configured run user does not match
- // actual user that runs the app. The first return value is the actual user name.
- // This check is ignored under Windows since SSH remote login is not the main
- // method to login on Windows.
- func IsRunUserMatchCurrentUser(runUser string) (string, bool) {
- if IsWindows || SSH.StartBuiltinServer {
- return "", true
- }
-
- currentUser := user.CurrentUsername()
- return currentUser, runUser == currentUser
- }
-
- func createPIDFile(pidPath string) {
- currentPid := os.Getpid()
- if err := os.MkdirAll(filepath.Dir(pidPath), os.ModePerm); err != nil {
- log.Fatal("Failed to create PID folder: %v", err)
- }
-
- file, err := os.Create(pidPath)
- if err != nil {
- log.Fatal("Failed to create PID file: %v", err)
- }
- defer file.Close()
- if _, err := file.WriteString(strconv.FormatInt(int64(currentPid), 10)); err != nil {
- log.Fatal("Failed to write PID information: %v", err)
- }
- }
-
- // SetCustomPathAndConf will set CustomPath and CustomConf with reference to the
- // GITEA_CUSTOM environment variable and with provided overrides before stepping
- // back to the default
- func SetCustomPathAndConf(providedCustom, providedConf, providedWorkPath string) {
- if len(providedWorkPath) != 0 {
- AppWorkPath = filepath.ToSlash(providedWorkPath)
- }
- if giteaCustom, ok := os.LookupEnv("GITEA_CUSTOM"); ok {
- CustomPath = giteaCustom
- }
- if len(providedCustom) != 0 {
- CustomPath = providedCustom
- }
- if len(CustomPath) == 0 {
- CustomPath = path.Join(AppWorkPath, "custom")
- } else if !filepath.IsAbs(CustomPath) {
- CustomPath = path.Join(AppWorkPath, CustomPath)
- }
-
- if len(providedConf) != 0 {
- CustomConf = providedConf
- }
- if len(CustomConf) == 0 {
- CustomConf = path.Join(CustomPath, "conf/app.ini")
- } else if !filepath.IsAbs(CustomConf) {
- CustomConf = path.Join(CustomPath, CustomConf)
- log.Warn("Using 'custom' directory as relative origin for configuration file: '%s'", CustomConf)
- }
- }
-
- // LoadFromExisting initializes setting options from an existing config file (app.ini)
- func LoadFromExisting() {
- loadFromConf(false, "")
- }
-
- // LoadAllowEmpty initializes setting options, it's also fine that if the config file (app.ini) doesn't exist
- func LoadAllowEmpty() {
- loadFromConf(true, "")
- }
-
- // LoadForTest initializes setting options for tests
- func LoadForTest(extraConfigs ...string) {
- loadFromConf(true, strings.Join(extraConfigs, "\n"))
- if err := PrepareAppDataPath(); err != nil {
- log.Fatal("Can not prepare APP_DATA_PATH: %v", err)
- }
- }
-
- func deprecatedSetting(oldSection, oldKey, newSection, newKey string) {
- if Cfg.Section(oldSection).HasKey(oldKey) {
- log.Error("Deprecated fallback `[%s]` `%s` present. Use `[%s]` `%s` instead. This fallback will be removed in v1.19.0", oldSection, oldKey, newSection, newKey)
- }
- }
-
- // deprecatedSettingDB add a hint that the configuration has been moved to database but still kept in app.ini
- func deprecatedSettingDB(oldSection, oldKey string) {
- if Cfg.Section(oldSection).HasKey(oldKey) {
- log.Error("Deprecated `[%s]` `%s` present which has been copied to database table sys_setting", oldSection, oldKey)
- }
- }
-
- // loadFromConf initializes configuration context.
- // NOTE: do not print any log except error.
- func loadFromConf(allowEmpty bool, extraConfig string) {
- Cfg = ini.Empty()
-
- if WritePIDFile && len(PIDFile) > 0 {
- createPIDFile(PIDFile)
- }
-
- isFile, err := util.IsFile(CustomConf)
- if err != nil {
- log.Error("Unable to check if %s is a file. Error: %v", CustomConf, err)
- }
- if isFile {
- if err := Cfg.Append(CustomConf); err != nil {
- log.Fatal("Failed to load custom conf '%s': %v", CustomConf, err)
- }
- } else if !allowEmpty {
- log.Fatal("Unable to find configuration file: %q.\nEnsure you are running in the correct environment or set the correct configuration file with -c.", CustomConf)
- } // else: no config file, a config file might be created at CustomConf later (might not)
-
- if extraConfig != "" {
- if err = Cfg.Append([]byte(extraConfig)); err != nil {
- log.Fatal("Unable to append more config: %v", err)
- }
- }
-
- Cfg.NameMapper = ini.SnackCase
-
- homeDir, err := util.HomeDir()
- if err != nil {
- log.Fatal("Failed to get home directory: %v", err)
- }
- homeDir = strings.ReplaceAll(homeDir, "\\", "/")
-
- LogLevel = getLogLevel(Cfg.Section("log"), "LEVEL", log.INFO)
- StacktraceLogLevel = getStacktraceLogLevel(Cfg.Section("log"), "STACKTRACE_LEVEL", "None")
- LogRootPath = Cfg.Section("log").Key("ROOT_PATH").MustString(path.Join(AppWorkPath, "log"))
- forcePathSeparator(LogRootPath)
-
- sec := Cfg.Section("server")
- AppName = Cfg.Section("").Key("APP_NAME").MustString("Gitea: Git with a cup of tea")
-
- Domain = sec.Key("DOMAIN").MustString("localhost")
- HTTPAddr = sec.Key("HTTP_ADDR").MustString("0.0.0.0")
- HTTPPort = sec.Key("HTTP_PORT").MustString("3000")
-
- Protocol = HTTP
- protocolCfg := sec.Key("PROTOCOL").String()
- switch protocolCfg {
- case "https":
- Protocol = HTTPS
- // FIXME: DEPRECATED to be removed in v1.18.0
- if sec.HasKey("ENABLE_ACME") {
- EnableAcme = sec.Key("ENABLE_ACME").MustBool(false)
- } else {
- deprecatedSetting("server", "ENABLE_LETSENCRYPT", "server", "ENABLE_ACME")
- EnableAcme = sec.Key("ENABLE_LETSENCRYPT").MustBool(false)
- }
- if EnableAcme {
- AcmeURL = sec.Key("ACME_URL").MustString("")
- AcmeCARoot = sec.Key("ACME_CA_ROOT").MustString("")
- // FIXME: DEPRECATED to be removed in v1.18.0
- if sec.HasKey("ACME_ACCEPTTOS") {
- AcmeTOS = sec.Key("ACME_ACCEPTTOS").MustBool(false)
- } else {
- deprecatedSetting("server", "LETSENCRYPT_ACCEPTTOS", "server", "ACME_ACCEPTTOS")
- AcmeTOS = sec.Key("LETSENCRYPT_ACCEPTTOS").MustBool(false)
- }
- if !AcmeTOS {
- log.Fatal("ACME TOS is not accepted (ACME_ACCEPTTOS).")
- }
- // FIXME: DEPRECATED to be removed in v1.18.0
- if sec.HasKey("ACME_DIRECTORY") {
- AcmeLiveDirectory = sec.Key("ACME_DIRECTORY").MustString("https")
- } else {
- deprecatedSetting("server", "LETSENCRYPT_DIRECTORY", "server", "ACME_DIRECTORY")
- AcmeLiveDirectory = sec.Key("LETSENCRYPT_DIRECTORY").MustString("https")
- }
- // FIXME: DEPRECATED to be removed in v1.18.0
- if sec.HasKey("ACME_EMAIL") {
- AcmeEmail = sec.Key("ACME_EMAIL").MustString("")
- } else {
- deprecatedSetting("server", "LETSENCRYPT_EMAIL", "server", "ACME_EMAIL")
- AcmeEmail = sec.Key("LETSENCRYPT_EMAIL").MustString("")
- }
- } else {
- CertFile = sec.Key("CERT_FILE").String()
- KeyFile = sec.Key("KEY_FILE").String()
- if len(CertFile) > 0 && !filepath.IsAbs(CertFile) {
- CertFile = filepath.Join(CustomPath, CertFile)
- }
- if len(KeyFile) > 0 && !filepath.IsAbs(KeyFile) {
- KeyFile = filepath.Join(CustomPath, KeyFile)
- }
- }
- SSLMinimumVersion = sec.Key("SSL_MIN_VERSION").MustString("")
- SSLMaximumVersion = sec.Key("SSL_MAX_VERSION").MustString("")
- SSLCurvePreferences = sec.Key("SSL_CURVE_PREFERENCES").Strings(",")
- SSLCipherSuites = sec.Key("SSL_CIPHER_SUITES").Strings(",")
- case "fcgi":
- Protocol = FCGI
- case "fcgi+unix", "unix", "http+unix":
- switch protocolCfg {
- case "fcgi+unix":
- Protocol = FCGIUnix
- case "unix":
- log.Warn("unix PROTOCOL value is deprecated, please use http+unix")
- fallthrough
- case "http+unix":
- Protocol = HTTPUnix
- }
- UnixSocketPermissionRaw := sec.Key("UNIX_SOCKET_PERMISSION").MustString("666")
- UnixSocketPermissionParsed, err := strconv.ParseUint(UnixSocketPermissionRaw, 8, 32)
- if err != nil || UnixSocketPermissionParsed > 0o777 {
- log.Fatal("Failed to parse unixSocketPermission: %s", UnixSocketPermissionRaw)
- }
-
- UnixSocketPermission = uint32(UnixSocketPermissionParsed)
- if !filepath.IsAbs(HTTPAddr) {
- HTTPAddr = filepath.Join(AppWorkPath, HTTPAddr)
- }
- }
- UseProxyProtocol = sec.Key("USE_PROXY_PROTOCOL").MustBool(false)
- ProxyProtocolTLSBridging = sec.Key("PROXY_PROTOCOL_TLS_BRIDGING").MustBool(false)
- ProxyProtocolHeaderTimeout = sec.Key("PROXY_PROTOCOL_HEADER_TIMEOUT").MustDuration(5 * time.Second)
- ProxyProtocolAcceptUnknown = sec.Key("PROXY_PROTOCOL_ACCEPT_UNKNOWN").MustBool(false)
- GracefulRestartable = sec.Key("ALLOW_GRACEFUL_RESTARTS").MustBool(true)
- GracefulHammerTime = sec.Key("GRACEFUL_HAMMER_TIME").MustDuration(60 * time.Second)
- StartupTimeout = sec.Key("STARTUP_TIMEOUT").MustDuration(0 * time.Second)
- PerWriteTimeout = sec.Key("PER_WRITE_TIMEOUT").MustDuration(PerWriteTimeout)
- PerWritePerKbTimeout = sec.Key("PER_WRITE_PER_KB_TIMEOUT").MustDuration(PerWritePerKbTimeout)
-
- defaultAppURL := string(Protocol) + "://" + Domain + ":" + HTTPPort
- AppURL = sec.Key("ROOT_URL").MustString(defaultAppURL)
-
- // Check validity of AppURL
- appURL, err := url.Parse(AppURL)
- if err != nil {
- log.Fatal("Invalid ROOT_URL '%s': %s", AppURL, err)
- }
- // Remove default ports from AppURL.
- // (scheme-based URL normalization, RFC 3986 section 6.2.3)
- if (appURL.Scheme == string(HTTP) && appURL.Port() == "80") || (appURL.Scheme == string(HTTPS) && appURL.Port() == "443") {
- appURL.Host = appURL.Hostname()
- }
- // This should be TrimRight to ensure that there is only a single '/' at the end of AppURL.
- AppURL = strings.TrimRight(appURL.String(), "/") + "/"
-
- // Suburl should start with '/' and end without '/', such as '/{subpath}'.
- // This value is empty if site does not have sub-url.
- AppSubURL = strings.TrimSuffix(appURL.Path, "/")
- StaticURLPrefix = strings.TrimSuffix(sec.Key("STATIC_URL_PREFIX").MustString(AppSubURL), "/")
-
- // Check if Domain differs from AppURL domain than update it to AppURL's domain
- urlHostname := appURL.Hostname()
- if urlHostname != Domain && net.ParseIP(urlHostname) == nil && urlHostname != "" {
- Domain = urlHostname
- }
-
- AbsoluteAssetURL = MakeAbsoluteAssetURL(AppURL, StaticURLPrefix)
- AssetVersion = strings.ReplaceAll(AppVer, "+", "~") // make sure the version string is clear (no real escaping is needed)
-
- manifestBytes := MakeManifestData(AppName, AppURL, AbsoluteAssetURL)
- ManifestData = `application/json;base64,` + base64.StdEncoding.EncodeToString(manifestBytes)
-
- var defaultLocalURL string
- switch Protocol {
- case HTTPUnix:
- defaultLocalURL = "http://unix/"
- case FCGI:
- defaultLocalURL = AppURL
- case FCGIUnix:
- defaultLocalURL = AppURL
- default:
- defaultLocalURL = string(Protocol) + "://"
- if HTTPAddr == "0.0.0.0" {
- defaultLocalURL += net.JoinHostPort("localhost", HTTPPort) + "/"
- } else {
- defaultLocalURL += net.JoinHostPort(HTTPAddr, HTTPPort) + "/"
- }
- }
- LocalURL = sec.Key("LOCAL_ROOT_URL").MustString(defaultLocalURL)
- LocalURL = strings.TrimRight(LocalURL, "/") + "/"
- LocalUseProxyProtocol = sec.Key("LOCAL_USE_PROXY_PROTOCOL").MustBool(UseProxyProtocol)
- RedirectOtherPort = sec.Key("REDIRECT_OTHER_PORT").MustBool(false)
- PortToRedirect = sec.Key("PORT_TO_REDIRECT").MustString("80")
- RedirectorUseProxyProtocol = sec.Key("REDIRECTOR_USE_PROXY_PROTOCOL").MustBool(UseProxyProtocol)
- OfflineMode = sec.Key("OFFLINE_MODE").MustBool()
- DisableRouterLog = sec.Key("DISABLE_ROUTER_LOG").MustBool()
- if len(StaticRootPath) == 0 {
- StaticRootPath = AppWorkPath
- }
- StaticRootPath = sec.Key("STATIC_ROOT_PATH").MustString(StaticRootPath)
- StaticCacheTime = sec.Key("STATIC_CACHE_TIME").MustDuration(6 * time.Hour)
- AppDataPath = sec.Key("APP_DATA_PATH").MustString(path.Join(AppWorkPath, "data"))
- if !filepath.IsAbs(AppDataPath) {
- log.Info("The provided APP_DATA_PATH: %s is not absolute - it will be made absolute against the work path: %s", AppDataPath, AppWorkPath)
- AppDataPath = filepath.ToSlash(filepath.Join(AppWorkPath, AppDataPath))
- }
-
- EnableGzip = sec.Key("ENABLE_GZIP").MustBool()
- EnablePprof = sec.Key("ENABLE_PPROF").MustBool(false)
- PprofDataPath = sec.Key("PPROF_DATA_PATH").MustString(path.Join(AppWorkPath, "data/tmp/pprof"))
- if !filepath.IsAbs(PprofDataPath) {
- PprofDataPath = filepath.Join(AppWorkPath, PprofDataPath)
- }
-
- landingPage := sec.Key("LANDING_PAGE").MustString("home")
- switch landingPage {
- case "explore":
- LandingPageURL = LandingPageExplore
- case "organizations":
- LandingPageURL = LandingPageOrganizations
- case "login":
- LandingPageURL = LandingPageLogin
- case "":
- case "home":
- LandingPageURL = LandingPageHome
- default:
- LandingPageURL = LandingPage(landingPage)
- }
-
- if len(SSH.Domain) == 0 {
- SSH.Domain = Domain
- }
- SSH.RootPath = path.Join(homeDir, ".ssh")
- serverCiphers := sec.Key("SSH_SERVER_CIPHERS").Strings(",")
- if len(serverCiphers) > 0 {
- SSH.ServerCiphers = serverCiphers
- }
- serverKeyExchanges := sec.Key("SSH_SERVER_KEY_EXCHANGES").Strings(",")
- if len(serverKeyExchanges) > 0 {
- SSH.ServerKeyExchanges = serverKeyExchanges
- }
- serverMACs := sec.Key("SSH_SERVER_MACS").Strings(",")
- if len(serverMACs) > 0 {
- SSH.ServerMACs = serverMACs
- }
- SSH.KeyTestPath = os.TempDir()
- if err = Cfg.Section("server").MapTo(&SSH); err != nil {
- log.Fatal("Failed to map SSH settings: %v", err)
- }
- for i, key := range SSH.ServerHostKeys {
- if !filepath.IsAbs(key) {
- SSH.ServerHostKeys[i] = filepath.Join(AppDataPath, key)
- }
- }
-
- SSH.KeygenPath = sec.Key("SSH_KEYGEN_PATH").MustString("ssh-keygen")
- SSH.Port = sec.Key("SSH_PORT").MustInt(22)
- SSH.ListenPort = sec.Key("SSH_LISTEN_PORT").MustInt(SSH.Port)
- SSH.UseProxyProtocol = sec.Key("SSH_SERVER_USE_PROXY_PROTOCOL").MustBool(false)
-
- // When disable SSH, start builtin server value is ignored.
- if SSH.Disabled {
- SSH.StartBuiltinServer = false
- }
-
- SSH.TrustedUserCAKeysFile = sec.Key("SSH_TRUSTED_USER_CA_KEYS_FILENAME").MustString(filepath.Join(SSH.RootPath, "gitea-trusted-user-ca-keys.pem"))
-
- for _, caKey := range SSH.TrustedUserCAKeys {
- pubKey, _, _, _, err := gossh.ParseAuthorizedKey([]byte(caKey))
- if err != nil {
- log.Fatal("Failed to parse TrustedUserCaKeys: %s %v", caKey, err)
- }
-
- SSH.TrustedUserCAKeysParsed = append(SSH.TrustedUserCAKeysParsed, pubKey)
- }
- if len(SSH.TrustedUserCAKeys) > 0 {
- // Set the default as email,username otherwise we can leave it empty
- sec.Key("SSH_AUTHORIZED_PRINCIPALS_ALLOW").MustString("username,email")
- } else {
- sec.Key("SSH_AUTHORIZED_PRINCIPALS_ALLOW").MustString("off")
- }
-
- SSH.AuthorizedPrincipalsAllow, SSH.AuthorizedPrincipalsEnabled = parseAuthorizedPrincipalsAllow(sec.Key("SSH_AUTHORIZED_PRINCIPALS_ALLOW").Strings(","))
-
- SSH.MinimumKeySizeCheck = sec.Key("MINIMUM_KEY_SIZE_CHECK").MustBool(SSH.MinimumKeySizeCheck)
- minimumKeySizes := Cfg.Section("ssh.minimum_key_sizes").Keys()
- for _, key := range minimumKeySizes {
- if key.MustInt() != -1 {
- SSH.MinimumKeySizes[strings.ToLower(key.Name())] = key.MustInt()
- } else {
- delete(SSH.MinimumKeySizes, strings.ToLower(key.Name()))
- }
- }
-
- SSH.AuthorizedKeysBackup = sec.Key("SSH_AUTHORIZED_KEYS_BACKUP").MustBool(true)
- SSH.CreateAuthorizedKeysFile = sec.Key("SSH_CREATE_AUTHORIZED_KEYS_FILE").MustBool(true)
-
- SSH.AuthorizedPrincipalsBackup = false
- SSH.CreateAuthorizedPrincipalsFile = false
- if SSH.AuthorizedPrincipalsEnabled {
- SSH.AuthorizedPrincipalsBackup = sec.Key("SSH_AUTHORIZED_PRINCIPALS_BACKUP").MustBool(true)
- SSH.CreateAuthorizedPrincipalsFile = sec.Key("SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE").MustBool(true)
- }
-
- SSH.ExposeAnonymous = sec.Key("SSH_EXPOSE_ANONYMOUS").MustBool(false)
- SSH.AuthorizedKeysCommandTemplate = sec.Key("SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE").MustString(SSH.AuthorizedKeysCommandTemplate)
-
- SSH.AuthorizedKeysCommandTemplateTemplate = template.Must(template.New("").Parse(SSH.AuthorizedKeysCommandTemplate))
-
- SSH.PerWriteTimeout = sec.Key("SSH_PER_WRITE_TIMEOUT").MustDuration(PerWriteTimeout)
- SSH.PerWritePerKbTimeout = sec.Key("SSH_PER_WRITE_PER_KB_TIMEOUT").MustDuration(PerWritePerKbTimeout)
-
- if err = Cfg.Section("oauth2").MapTo(&OAuth2); err != nil {
- log.Fatal("Failed to OAuth2 settings: %v", err)
- return
- }
-
- if !filepath.IsAbs(OAuth2.JWTSigningPrivateKeyFile) {
- OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile)
- }
-
- sec = Cfg.Section("admin")
- Admin.DefaultEmailNotification = sec.Key("DEFAULT_EMAIL_NOTIFICATIONS").MustString("enabled")
-
- sec = Cfg.Section("security")
- InstallLock = sec.Key("INSTALL_LOCK").MustBool(false)
- LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt(7)
- CookieUserName = sec.Key("COOKIE_USERNAME").MustString("gitea_awesome")
- SecretKey = loadSecret(sec, "SECRET_KEY_URI", "SECRET_KEY")
- if SecretKey == "" {
- // FIXME: https://github.com/go-gitea/gitea/issues/16832
- // Until it supports rotating an existing secret key, we shouldn't move users off of the widely used default value
- SecretKey = "!#@FDEWREWR&*(" //nolint:gosec
- }
-
- CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").MustString("gitea_incredible")
-
- ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
- ReverseProxyAuthEmail = sec.Key("REVERSE_PROXY_AUTHENTICATION_EMAIL").MustString("X-WEBAUTH-EMAIL")
- ReverseProxyAuthFullName = sec.Key("REVERSE_PROXY_AUTHENTICATION_FULL_NAME").MustString("X-WEBAUTH-FULLNAME")
-
- ReverseProxyLimit = sec.Key("REVERSE_PROXY_LIMIT").MustInt(1)
- ReverseProxyTrustedProxies = sec.Key("REVERSE_PROXY_TRUSTED_PROXIES").Strings(",")
- if len(ReverseProxyTrustedProxies) == 0 {
- ReverseProxyTrustedProxies = []string{"127.0.0.0/8", "::1/128"}
- }
-
- MinPasswordLength = sec.Key("MIN_PASSWORD_LENGTH").MustInt(6)
- ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
- DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(true)
- DisableWebhooks = sec.Key("DISABLE_WEBHOOKS").MustBool(false)
- OnlyAllowPushIfGiteaEnvironmentSet = sec.Key("ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET").MustBool(true)
- PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("pbkdf2")
- CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true)
- PasswordCheckPwn = sec.Key("PASSWORD_CHECK_PWN").MustBool(false)
- SuccessfulTokensCacheSize = sec.Key("SUCCESSFUL_TOKENS_CACHE_SIZE").MustInt(20)
-
- InternalToken = loadSecret(sec, "INTERNAL_TOKEN_URI", "INTERNAL_TOKEN")
- if InstallLock && InternalToken == "" {
- // if Gitea has been installed but the InternalToken hasn't been generated (upgrade from an old release), we should generate
- // some users do cluster deployment, they still depend on this auto-generating behavior.
- generateSaveInternalToken()
- }
-
- cfgdata := sec.Key("PASSWORD_COMPLEXITY").Strings(",")
- if len(cfgdata) == 0 {
- cfgdata = []string{"off"}
- }
- PasswordComplexity = make([]string, 0, len(cfgdata))
- for _, name := range cfgdata {
- name := strings.ToLower(strings.Trim(name, `"`))
- if name != "" {
- PasswordComplexity = append(PasswordComplexity, name)
- }
- }
-
- newAttachmentService()
- newLFSService()
-
- timeFormatKey := Cfg.Section("time").Key("FORMAT").MustString("")
- if timeFormatKey != "" {
- TimeFormat = map[string]string{
- "ANSIC": time.ANSIC,
- "UnixDate": time.UnixDate,
- "RubyDate": time.RubyDate,
- "RFC822": time.RFC822,
- "RFC822Z": time.RFC822Z,
- "RFC850": time.RFC850,
- "RFC1123": time.RFC1123,
- "RFC1123Z": time.RFC1123Z,
- "RFC3339": time.RFC3339,
- "RFC3339Nano": time.RFC3339Nano,
- "Kitchen": time.Kitchen,
- "Stamp": time.Stamp,
- "StampMilli": time.StampMilli,
- "StampMicro": time.StampMicro,
- "StampNano": time.StampNano,
- }[timeFormatKey]
- // When the TimeFormatKey does not exist in the previous map e.g.'2006-01-02 15:04:05'
- if len(TimeFormat) == 0 {
- TimeFormat = timeFormatKey
- TestTimeFormat, _ := time.Parse(TimeFormat, TimeFormat)
- if TestTimeFormat.Format(time.RFC3339) != "2006-01-02T15:04:05Z" {
- log.Warn("Provided TimeFormat: %s does not create a fully specified date and time.", TimeFormat)
- log.Warn("In order to display dates and times correctly please check your time format has 2006, 01, 02, 15, 04 and 05")
- }
- log.Trace("Custom TimeFormat: %s", TimeFormat)
- }
- }
-
- zone := Cfg.Section("time").Key("DEFAULT_UI_LOCATION").String()
- if zone != "" {
- DefaultUILocation, err = time.LoadLocation(zone)
- if err != nil {
- log.Fatal("Load time zone failed: %v", err)
- } else {
- log.Info("Default UI Location is %v", zone)
- }
- }
- if DefaultUILocation == nil {
- DefaultUILocation = time.Local
- }
-
- RunUser = Cfg.Section("").Key("RUN_USER").MustString(user.CurrentUsername())
- // The following is a purposefully undocumented option. Please do not run Gitea as root. It will only cause future headaches.
- // Please don't use root as a bandaid to "fix" something that is broken, instead the broken thing should instead be fixed properly.
- unsafeAllowRunAsRoot := Cfg.Section("").Key("I_AM_BEING_UNSAFE_RUNNING_AS_ROOT").MustBool(false)
- RunMode = os.Getenv("GITEA_RUN_MODE")
- if RunMode == "" {
- RunMode = Cfg.Section("").Key("RUN_MODE").MustString("prod")
- }
- IsProd = strings.EqualFold(RunMode, "prod")
- // Does not check run user when the install lock is off.
- if InstallLock {
- currentUser, match := IsRunUserMatchCurrentUser(RunUser)
- if !match {
- log.Fatal("Expect user '%s' but current user is: %s", RunUser, currentUser)
- }
- }
-
- // check if we run as root
- if os.Getuid() == 0 {
- if !unsafeAllowRunAsRoot {
- // Special thanks to VLC which inspired the wording of this messaging.
- log.Fatal("Gitea is not supposed to be run as root. Sorry. If you need to use privileged TCP ports please instead use setcap and the `cap_net_bind_service` permission")
- }
- log.Critical("You are running Gitea using the root user, and have purposely chosen to skip built-in protections around this. You have been warned against this.")
- }
-
- SSH.BuiltinServerUser = Cfg.Section("server").Key("BUILTIN_SSH_SERVER_USER").MustString(RunUser)
- SSH.User = Cfg.Section("server").Key("SSH_USER").MustString(SSH.BuiltinServerUser)
-
- newRepository()
-
- newPictureService()
-
- newPackages()
-
- if err = Cfg.Section("ui").MapTo(&UI); err != nil {
- log.Fatal("Failed to map UI settings: %v", err)
- } else if err = Cfg.Section("markdown").MapTo(&Markdown); err != nil {
- log.Fatal("Failed to map Markdown settings: %v", err)
- } else if err = Cfg.Section("admin").MapTo(&Admin); err != nil {
- log.Fatal("Fail to map Admin settings: %v", err)
- } else if err = Cfg.Section("api").MapTo(&API); err != nil {
- log.Fatal("Failed to map API settings: %v", err)
- } else if err = Cfg.Section("metrics").MapTo(&Metrics); err != nil {
- log.Fatal("Failed to map Metrics settings: %v", err)
- } else if err = Cfg.Section("camo").MapTo(&Camo); err != nil {
- log.Fatal("Failed to map Camo settings: %v", err)
- }
-
- if Camo.Enabled {
- if Camo.ServerURL == "" || Camo.HMACKey == "" {
- log.Fatal(`Camo settings require "SERVER_URL" and HMAC_KEY`)
- }
- }
-
- u := *appURL
- u.Path = path.Join(u.Path, "api", "swagger")
- API.SwaggerURL = u.String()
-
- newGit()
-
- newMirror()
-
- Langs = Cfg.Section("i18n").Key("LANGS").Strings(",")
- if len(Langs) == 0 {
- Langs = defaultI18nLangs()
- }
- Names = Cfg.Section("i18n").Key("NAMES").Strings(",")
- if len(Names) == 0 {
- Names = defaultI18nNames()
- }
-
- ShowFooterBranding = Cfg.Section("other").Key("SHOW_FOOTER_BRANDING").MustBool(false)
- ShowFooterVersion = Cfg.Section("other").Key("SHOW_FOOTER_VERSION").MustBool(true)
- ShowFooterTemplateLoadTime = Cfg.Section("other").Key("SHOW_FOOTER_TEMPLATE_LOAD_TIME").MustBool(true)
- EnableSitemap = Cfg.Section("other").Key("ENABLE_SITEMAP").MustBool(true)
- EnableFeed = Cfg.Section("other").Key("ENABLE_FEED").MustBool(true)
-
- UI.ShowUserEmail = Cfg.Section("ui").Key("SHOW_USER_EMAIL").MustBool(true)
- UI.DefaultShowFullName = Cfg.Section("ui").Key("DEFAULT_SHOW_FULL_NAME").MustBool(false)
- UI.SearchRepoDescription = Cfg.Section("ui").Key("SEARCH_REPO_DESCRIPTION").MustBool(true)
- UI.UseServiceWorker = Cfg.Section("ui").Key("USE_SERVICE_WORKER").MustBool(false)
- UI.OnlyShowRelevantRepos = Cfg.Section("ui").Key("ONLY_SHOW_RELEVANT_REPOS").MustBool(false)
-
- HasRobotsTxt, err = util.IsFile(path.Join(CustomPath, "robots.txt"))
- if err != nil {
- log.Error("Unable to check if %s is a file. Error: %v", path.Join(CustomPath, "robots.txt"), err)
- }
-
- newMarkup()
-
- UI.ReactionsLookup = make(container.Set[string])
- for _, reaction := range UI.Reactions {
- UI.ReactionsLookup.Add(reaction)
- }
- UI.CustomEmojisMap = make(map[string]string)
- for _, emoji := range UI.CustomEmojis {
- UI.CustomEmojisMap[emoji] = ":" + emoji + ":"
- }
- }
-
- func parseAuthorizedPrincipalsAllow(values []string) ([]string, bool) {
- anything := false
- email := false
- username := false
- for _, value := range values {
- v := strings.ToLower(strings.TrimSpace(value))
- switch v {
- case "off":
- return []string{"off"}, false
- case "email":
- email = true
- case "username":
- username = true
- case "anything":
- anything = true
- }
- }
- if anything {
- return []string{"anything"}, true
- }
-
- authorizedPrincipalsAllow := []string{}
- if username {
- authorizedPrincipalsAllow = append(authorizedPrincipalsAllow, "username")
- }
- if email {
- authorizedPrincipalsAllow = append(authorizedPrincipalsAllow, "email")
- }
-
- return authorizedPrincipalsAllow, true
- }
-
- // loadSecret load the secret from ini by uriKey or verbatimKey, only one of them could be set
- // If the secret is loaded from uriKey (file), the file should be non-empty, to guarantee the behavior stable and clear.
- func loadSecret(sec *ini.Section, uriKey, verbatimKey string) string {
- // don't allow setting both URI and verbatim string
- uri := sec.Key(uriKey).String()
- verbatim := sec.Key(verbatimKey).String()
- if uri != "" && verbatim != "" {
- log.Fatal("Cannot specify both %s and %s", uriKey, verbatimKey)
- }
-
- // if we have no URI, use verbatim
- if uri == "" {
- return verbatim
- }
-
- tempURI, err := url.Parse(uri)
- if err != nil {
- log.Fatal("Failed to parse %s (%s): %v", uriKey, uri, err)
- }
- switch tempURI.Scheme {
- case "file":
- buf, err := os.ReadFile(tempURI.RequestURI())
- if err != nil {
- log.Fatal("Failed to read %s (%s): %v", uriKey, tempURI.RequestURI(), err)
- }
- val := strings.TrimSpace(string(buf))
- if val == "" {
- // The file shouldn't be empty, otherwise we can not know whether the user has ever set the KEY or KEY_URI
- // For example: if INTERNAL_TOKEN_URI=file:///empty-file,
- // Then if the token is re-generated during installation and saved to INTERNAL_TOKEN
- // Then INTERNAL_TOKEN and INTERNAL_TOKEN_URI both exist, that's a fatal error (they shouldn't)
- log.Fatal("Failed to read %s (%s): the file is empty", uriKey, tempURI.RequestURI())
- }
- return val
-
- // only file URIs are allowed
- default:
- log.Fatal("Unsupported URI-Scheme %q (INTERNAL_TOKEN_URI = %q)", tempURI.Scheme, uri)
- return ""
- }
- }
-
- // generateSaveInternalToken generates and saves the internal token to app.ini
- func generateSaveInternalToken() {
- token, err := generate.NewInternalToken()
- if err != nil {
- log.Fatal("Error generate internal token: %v", err)
- }
-
- InternalToken = token
- CreateOrAppendToCustomConf("security.INTERNAL_TOKEN", func(cfg *ini.File) {
- cfg.Section("security").Key("INTERNAL_TOKEN").SetValue(token)
- })
- }
-
- // MakeAbsoluteAssetURL returns the absolute asset url prefix without a trailing slash
- func MakeAbsoluteAssetURL(appURL, staticURLPrefix string) string {
- parsedPrefix, err := url.Parse(strings.TrimSuffix(staticURLPrefix, "/"))
- if err != nil {
- log.Fatal("Unable to parse STATIC_URL_PREFIX: %v", err)
- }
-
- if err == nil && parsedPrefix.Hostname() == "" {
- if staticURLPrefix == "" {
- return strings.TrimSuffix(appURL, "/")
- }
-
- // StaticURLPrefix is just a path
- return util.URLJoin(appURL, strings.TrimSuffix(staticURLPrefix, "/"))
- }
-
- return strings.TrimSuffix(staticURLPrefix, "/")
- }
-
- // MakeManifestData generates web app manifest JSON
- func MakeManifestData(appName, appURL, absoluteAssetURL string) []byte {
- type manifestIcon struct {
- Src string `json:"src"`
- Type string `json:"type"`
- Sizes string `json:"sizes"`
- }
-
- type manifestJSON struct {
- Name string `json:"name"`
- ShortName string `json:"short_name"`
- StartURL string `json:"start_url"`
- Icons []manifestIcon `json:"icons"`
- }
-
- bytes, err := json.Marshal(&manifestJSON{
- Name: appName,
- ShortName: appName,
- StartURL: appURL,
- Icons: []manifestIcon{
- {
- Src: absoluteAssetURL + "/assets/img/logo.png",
- Type: "image/png",
- Sizes: "512x512",
- },
- {
- Src: absoluteAssetURL + "/assets/img/logo.svg",
- Type: "image/svg+xml",
- Sizes: "512x512",
- },
- },
- })
- if err != nil {
- log.Error("unable to marshal manifest JSON. Error: %v", err)
- return make([]byte, 0)
- }
-
- return bytes
- }
-
- // CreateOrAppendToCustomConf creates or updates the custom config.
- // Use the callback to set individual values.
- func CreateOrAppendToCustomConf(purpose string, callback func(cfg *ini.File)) {
- if CustomConf == "" {
- log.Error("Custom config path must not be empty")
- return
- }
-
- cfg := ini.Empty()
- isFile, err := util.IsFile(CustomConf)
- if err != nil {
- log.Error("Unable to check if %s is a file. Error: %v", CustomConf, err)
- }
- if isFile {
- if err := cfg.Append(CustomConf); err != nil {
- log.Error("failed to load custom conf %s: %v", CustomConf, err)
- return
- }
- }
-
- callback(cfg)
-
- if err := os.MkdirAll(filepath.Dir(CustomConf), os.ModePerm); err != nil {
- log.Fatal("failed to create '%s': %v", CustomConf, err)
- return
- }
- if err := cfg.SaveTo(CustomConf); err != nil {
- log.Fatal("error saving to custom config: %v", err)
- }
- log.Info("Settings for %s saved to: %q", purpose, CustomConf)
-
- // Change permissions to be more restrictive
- fi, err := os.Stat(CustomConf)
- if err != nil {
- log.Error("Failed to determine current conf file permissions: %v", err)
- return
- }
-
- if fi.Mode().Perm() > 0o600 {
- if err = os.Chmod(CustomConf, 0o600); err != nil {
- log.Warn("Failed changing conf file permissions to -rw-------. Consider changing them manually.")
- }
- }
- }
-
- // NewServices initializes the services
- func NewServices() {
- InitDBConfig()
- newService()
- newOAuth2Client()
- NewLogServices(false)
- newCacheService()
- newSessionService()
- newCORSService()
- parseMailerConfig(Cfg)
- newRegisterMailService()
- newNotifyMailService()
- newProxyService()
- newWebhookService()
- newMigrationsService()
- newIndexerService()
- newTaskService()
- NewQueueService()
- newProject()
- newMimeTypeMap()
- newFederationService()
- }
-
- // NewServicesForInstall initializes the services for install
- func NewServicesForInstall() {
- newService()
- parseMailerConfig(Cfg)
- }
|