Commit Graph

3634 Commits

Author SHA1 Message Date
zeripath
888384a631
Correct the fallbacks for mailer configuration (#21945) (#21953)
Backport #21945

Unfortunately the fallback configuration code for [mailer] that were
added in #18982 are incorrect. When you read a value from an ini section
that key is added. This leads to a failure of the fallback mechanism.
Further there is also a spelling mistake in the startTLS configuration.

This PR restructures the mailer code to first map the deprecated
settings on to the new ones - and then use ini.MapTo to map those on to
the struct with additional validation as necessary.

Ref #21744

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-11-27 19:45:59 +00:00
KN4CK3R
ff4e292b3f
Add support for HEAD requests in Maven registry (#21834) (#21929)
Backport of #21834

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-25 13:46:28 +02:00
Xinyu Zhou
c844c4ff88
Fix vertical align of committer avatar rendered by email address (#21884) (#21918)
Backport #21884

Committer avatar rendered by `func AvatarByEmail` are not vertical align
as `func Avatar` does.

- Replace literals `ui avatar` and `ui avatar vm` with the constant
`DefaultAvatarClass`

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
2022-11-24 10:52:20 +08:00
KN4CK3R
f4ec03a4e5
Fix setting HTTP headers after write (#21833) (#21877)
Backport of #21833

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-11-22 09:00:42 +08:00
Jason Song
7a004ad7eb
Support comma-delimited string as labels in issue template (#21831) (#21873)
Backport #21831.

The [labels in issue YAML templates](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms#top-level-syntax)
can be a string array or a comma-delimited string, so a single string
should be valid labels.

The old codes committed in #20987 ignore this, that's why the warning is
displayed:

<img width="618" alt="image" src="https://user-images.githubusercontent.com/9418365/202112642-93dc72d0-71c3-40a2-9720-30fc2d48c97c.png">

Fixes #17877.
2022-11-20 10:44:20 +00:00
Gusted
af8b2250c4
Prevent dangling user redirects (#21856) (#21858)
- Backport #21856
- It's possible that the `user_redirect` table contains a user id that
no longer exists.
  - Delete a user redirect upon deleting the user.
- Add a check for these dangling user redirects to check-db-consistency.
2022-11-18 22:25:00 +08:00
Jason Song
8917af8701
Ignore issue template with a special name (#21830) (#21835)
Backport #21830.

A file in `ISSUE_TEMPLATE` with the name `config.yml` shouldn't be
treated as a YAML template, it's for [configuring the template
chooser](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser).

The old code tried to ignore the file, but it didn't work, caused by
#20987. That's why the warning is displayed:

<img width="415" alt="image"

src="https://user-images.githubusercontent.com/9418365/202094067-804c42fe-0e9e-4fc5-bf01-d95fa336f54f.png">

Note that this PR is not an implementation of `config.yml`, there will
be another one to do it.
2022-11-16 14:48:33 -05:00
zeripath
0d25292fbc
Prevent panic in doctor command when running default checks (#21791) (#21807)
Backport #21791

There was a bug introduced in #21352 due to a change of behaviour caused
by #19280. This causes a panic on running the default doctor checks
because the panic introduced by #19280 assumes that the only way
opts.StdOut and opts.Stderr can be set in RunOpts is deliberately.
Unfortunately, when running a git.Command the provided RunOpts can be
set, therefore if you share a common set of RunOpts these two values can
be set by the previous commands.

This PR stops using common RunOpts for the commands in that doctor check
but secondly stops RunCommand variants from changing the provided
RunOpts.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-11-14 10:58:32 +08:00
Lunny Xiao
b9dcf991b9
Fix dashboard ignored system setting cache (#21621) (#21759)
backport #21621

This is a performance regression from #18058

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-11-10 19:41:44 +08:00
wxiaoguang
89d52922d0
Fix token generation when using INTERNAL_TOKEN_URI (#21669) (#21670)
Backport #21669

Fix https://github.com/go-gitea/gitea/issues/21666
Caused by https://github.com/go-gitea/gitea/pull/19663

Before: when install, the INTERNAL_TOKEN was always generated and saved.
But the internal token may be already there by INTERNAL_TOKEN_URI

After: INTERNAL_TOKEN_URI file must be non-empty. When install, skip
internal token generation if the token exists.
2022-11-03 20:54:25 +00:00
Jason Song
7a8e34b255
Deal with markdown template without metadata (#21639) (#21654)
Backport #21639 .

Fixed #21636.

Related to #20987.

A markdown template without metadata should not be treated as an invalid
template.

And this PR fixed another bug that non-template files(neither .md nor
.yaml) are treated as yaml files.

<img width="504" alt="image"

src="https://user-images.githubusercontent.com/9418365/198968668-40082fa1-4f25-4d3e-9b73-1dbf6d1a7521.png">
2022-11-01 23:41:31 +08:00
Jason Song
e4a10f8c78
Sync git hooks when config file path changed (#21619) (#21626)
Backport #21619 .

A patch to #17335.

Just like AppPath, Gitea writes its own CustomConf into git hook scripts
too. If Gitea's CustomConf changes, then the git push may fail.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
2022-10-30 11:17:11 +08:00
KN4CK3R
4d39fd8aae
Fix Timestamp.IsZero (#21593) (#21603)
Backport of #21593

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-27 16:47:06 +08:00
wxiaoguang
4869f9c3c8
Revert: auto generate INTERNAL_TOKEN (#21608) (#21609)
Backport #21608

Follow #19663

Some users do cluster deployment, they still depend on this
auto-generating behavior.
2022-10-27 11:17:47 +08:00
delvh
0ebb45cfe7
Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551)
Found using
`find . -type f -name '*.go' -print -exec vim {} -c
':%s/fmt\.Errorf(\(.*\)%v\(.*\)err/fmt.Errorf(\1%w\2err/g' -c ':wq' \;`

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-24 20:29:17 +01:00
KN4CK3R
7c11a73833
Fix package access for admins and inactive users (#21580)
I noticed an admin is not allowed to upload packages for other users
because `ctx.IsSigned` was not set.
I added a check for `user.IsActive` and `user.ProhibitLogin` too because
both was not checked. Tests enforce this now.

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-10-24 22:23:25 +03:00
M Hickford
191a74d622
Record OAuth client type at registration (#21316)
The OAuth spec [defines two types of
client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1),
confidential and public. Previously Gitea assumed all clients to be
confidential.

> OAuth defines two client types, based on their ability to authenticate
securely with the authorization server (i.e., ability to
>   maintain the confidentiality of their client credentials):
>
>   confidential
> Clients capable of maintaining the confidentiality of their
credentials (e.g., client implemented on a secure server with
> restricted access to the client credentials), or capable of secure
client authentication using other means.
>
>   **public
> Clients incapable of maintaining the confidentiality of their
credentials (e.g., clients executing on the device used by the resource
owner, such as an installed native application or a web browser-based
application), and incapable of secure client authentication via any
other means.**
>
> The client type designation is based on the authorization server's
definition of secure authentication and its acceptable exposure levels
of client credentials. The authorization server SHOULD NOT make
assumptions about the client type.

 https://datatracker.ietf.org/doc/html/rfc8252#section-8.4

> Authorization servers MUST record the client type in the client
registration details in order to identify and process requests
accordingly.

Require PKCE for public clients:
https://datatracker.ietf.org/doc/html/rfc8252#section-8.1

> Authorization servers SHOULD reject authorization requests from native
apps that don't use PKCE by returning an error message

Fixes #21299

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-24 15:59:24 +08:00
wxiaoguang
dcd9fc7ee8
Refactor git command arguments and make all arguments to be safe to be used (#21535)
Follow #21464

Make all git command arguments strictly safe. Most changes are one-to-one replacing, keep all existing logic.
2022-10-23 22:44:45 +08:00
Yarden Shoham
63ebb53fd5
Add link to user profile in markdown mention only if user exists (#21533)
Previously mentioning a user would link to its profile, regardless of
whether the user existed. This change tests if the user exists and only
if it does - a link to its profile is added.

* Fixes #3444

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-23 01:15:52 +08:00
Yarden Shoham
2c77d4b195
Remove unnecessary debug log (#21536)
It distractingly shows up on unit tests

* Looks like a leftover from #20571

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-22 15:25:34 +08:00
KN4CK3R
1887c95254
Decouple HookTask from Repository (#17940)
At the moment a repository reference is needed for webhooks. With the
upcoming package PR we need to send webhooks without a repository
reference. For example a package is uploaded to an organization. In
theory this enables the usage of webhooks for future user actions.

This PR removes the repository id from `HookTask` and changes how the
hooks are processed (see `services/webhook/deliver.go`). In a follow up
PR I want to remove the usage of the `UniqueQueue´ and replace it with a
normal queue because there is no reason to be unique.

Co-authored-by: 6543 <6543@obermui.de>
2022-10-21 18:21:56 +02:00
Yarden Shoham
e828564445
Add color previews in markdown (#21474)
* Resolves #3047

Every time a color code will be in \`backticks`, a cute little color
preview will pop up


[Inspiration](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#supported-color-models)

#### Before

![image](https://user-images.githubusercontent.com/20454870/196631524-298afbbf-d2c8-4018-92a5-0393a693d850.png)

#### After

![image](https://user-images.githubusercontent.com/20454870/196631397-36c561e4-08f5-465a-a36e-76084e30b08a.png)

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-21 20:00:53 +08:00
Lunny Xiao
16cbd5b59c
Fix generating compare link (#21519)
Fix #6318

Co-authored-by: zeripath <art27@cantab.net>
2022-10-21 16:39:26 +08:00
wxiaoguang
0614ae1c44
Remove unnecessary misspell ignore pattern (#21475)
It doesn't make sense to ignore the pattern again and again.
2022-10-18 12:52:25 -04:00
zeripath
716fcfcf72
Make every not exist error unwrappable to a fs.ErrNotExist (#20891)
A lot of our code is repeatedly testing if individual errors are
specific types of Not Exist errors. This is repetitative and unnecesary.
`Unwrap() error` provides a common way of labelling an error as a
NotExist error and we can/should use this.

This PR has chosen to use the common `io/fs` errors e.g.
`fs.ErrNotExist` for our errors. This is in some ways not completely
correct as these are not filesystem errors but it seems like a
reasonable thing to do and would allow us to simplify a lot of our code
to `errors.Is(err, fs.ErrNotExist)` instead of
`package.IsErr...NotExist(err)`

I am open to suggestions to use a different base error - perhaps
`models/db.ErrNotExist` if that would be felt to be better.


Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
2022-10-18 07:50:37 +02:00
6543
18622a0705
probe if sha before exec git (#21467) 2022-10-17 16:40:37 +02:00
Lunny Xiao
f860a6d2e4
Add system setting table with cache and also add cache supports for user setting (#18058) 2022-10-17 07:29:26 +08:00
KN4CK3R
cad9adeff4
Display total commit count in hook message (#21400)
Fixes #21379

The commits are capped by `setting.UI.FeedMaxCommitNum` so
`len(commits)` is not the correct number. So this PR adds a new
`TotalCommits` field.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-17 00:22:34 +08:00
Yarden Shoham
b9cd6fb703
Add code highlighting in issue titles (#21432)
This changes the rendering logic of issue titles. If a substring in an
issue title is enclosed with a pair of backticks, it'll be rendered with
a monospace font (HTML `code` tag).

* Closes #20887

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-10-16 02:24:41 +08:00
wxiaoguang
677af6ac57
Follow improve code quality (#21465)
After some discussion, introduce a new slice `brokenArgs` to make
`gitCmd.Run()` return errors if any dynamic argument is invalid.

Co-authored-by: delvh <dev.lh@web.de>
2022-10-15 14:18:31 +02:00
wxiaoguang
d98c5db58f
alternative to PR "improve code quality" (#21464)
This PR doesn't require new git version, and can be backported easily.

Co-authored-by: 6543 <6543@obermui.de>
2022-10-15 12:49:26 +02:00
KN4CK3R
0e58201d1a
Add support for Chocolatey/NuGet v2 API (#21393)
Fixes #21294

This PR adds support for NuGet v2 API.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-13 18:19:39 +08:00
Clar Fon
42b803554c
Add HEAD fix to gitea doctor (#21352)
Due to a bug in presumably an older version of Gitea, multiple of my
repositories still have their HEADs pointing to a `master` branch while
the default branch on the UI is listed as `main`. This adds a `gitea
doctor` command that will fix all of the HEAD references for repos when
they're not synchronized with the default branch in the DB.

This will help with cloning to ensure that git automatically checks out
the right branch, instead of a nonexistent one.

Note: I'm not sure if I actually need to do more other than add a file
here. Will try testing this out on my server soon.

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 12:17:55 -04:00
KN4CK3R
0e57ff7eee
Add generic set type (#21408)
This PR adds a generic set type to get rid of maps used as sets.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 13:18:26 +08:00
KN4CK3R
4dc3b2ec57
Use Name instead of DisplayName in LFS Lock (#21415)
Fixes #21268

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-10-11 21:03:15 -04:00
KN4CK3R
8752d89be7
Redirect to new repository owner (#21398)
Fixes #17655

If you rename `user1` to `user2` and visit `/user1` you get redirected
to `/user2`. But if you visit `/user1/repo` you just get a 404 error.
With this PR the user is redirected to `/user2/repo`.
2022-10-11 19:54:44 +08:00
Lunny Xiao
1428877c37
log real ip of requests from ssh (#21216)
Partially fix #21213.

This PR will get client IP address from SSH_CONNECTION env which should
be the first field of that. And deliver it to the internal API so Gitea
routers could record the real IP from SSH requests.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2022-10-11 16:57:37 +08:00
Lauris BH
b59b0cad0a
Add user/organization code search (#19977)
Fixes #19925 

Screenshots:

![attels](https://user-images.githubusercontent.com/165205/173864718-fe789429-55bc-4cad-808c-9f02f335cddf.png)
2022-10-11 00:12:03 +01:00
zeripath
3ccebf7f40
Stop logging CheckPath returns error: context canceled (#21064)
We should only log CheckPath errors if they are not simply due to
context cancellation - and we should add a little more context to the
error message.

Fix #20709

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-10 21:54:30 +01:00
eleith
bbbf9a4b93
npm package registry support for bin (#21372)
Fix #21303

npm package.json supports binary packaging:
https://docs.npmjs.com/cli/v8/configuring-npm/package-json#bin

the npm registry documents that the binary references will be attached
to the abbreviated version object:

https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-object

unfortunately their api documentation leaves this out:
https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-objectdoc

which is likely to be the reason this was left out in gitea's initial
implementation

this response is critical for npm to install the binary in the `.bin`
folder so as to be included on the users default bin path, resulting in
immediate access to any binaries provided by the package
2022-10-08 13:24:44 +08:00
zeripath
7d2545d183
Add nicer error handling on template compile errors (#21350)
There are repeated issues reported whereby users are unable to interpret
the template errors. This PR adds some (somewhat complex) error handling
to the panic recovery for template renderering but hopefully makes the
interpretation of the error easier.

Reference #21344

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-07 22:02:24 +01:00
wxiaoguang
c08e42c47e
Refactor parseTreeEntries, speed up tree list (#21368)
Close #20315 (fix the panic when parsing invalid input), Speed up #20231 (use ls-tree without size field)

Introduce ListEntriesRecursiveFast (ls-tree without size) and ListEntriesRecursiveWithSize (ls-tree with size)
2022-10-08 01:20:53 +08:00
Andrew Imeson
d94f15c2fd
Make external issue tracker regexp configurable via API (#21338)
Fixes #21336 

Signed-off-by: Andrew Imeson <andrew@andrewimeson.com>
2022-10-07 20:49:30 +08:00
delvh
b001812df4
Fix and improve incorrect error messages (#21342)
L
2022-10-06 07:00:54 +01:00
Gennady Kovshenin
fd2d5f06b0
Add stat to ToCommit function for speed (#21337)
Calls to ToCommit are very slow due to fetching diffs, analyzing files.
This patch lets us supply `stat` as false to speed fetching a commit
when we don't need the diff.

/v1/repo/commits has a default `stat` set as true now. Set to false to
experience fetching thousands of commits per second instead of 2-5 per
second.
2022-10-06 11:21:04 +08:00
wxiaoguang
8765f139c7
Fix typo in API comment document (#21347)
Close #21307

After the fix:

![image](https://user-images.githubusercontent.com/2114189/194120843-52566b84-6e29-4f91-859a-eb5839c68c54.png)
2022-10-05 21:26:34 +01:00
zeripath
93df41f506
Fix slight bug in katex (#21171)
There is a small bug in #20571 whereby `$a a$b b$` will not be correctly
detected as a math inline block of `a a$b b`. This PR fixes this.

Also reenable test cases as per #21340 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-05 19:55:36 +01:00
Jason Song
a08b484549
Tag list should include draft releases with existing tags (#21263)
Before, a tag for a draft release disappeared in the tag list, fix #21262.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-03 20:05:53 +08:00
Clar Fon
3d10193be2
Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663)
Only load SECRET_KEY and INTERNAL_TOKEN if they exist.
Never write the config file if the keys do not exist, which was only a fallback for Gitea upgraded from < 1.5

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-02 01:26:33 +08:00
KN4CK3R
b7309b8ccb
Add name field for org api (#21270)
related #21205

The field `UserName` is not really usefull for an organization.
This adds a second `Name` field.

The [GitHub API](https://docs.github.com/en/rest/orgs/orgs#get-an-organization) uses `name` too. `UserName` should be deprecated then.
2022-09-29 05:27:33 +02:00