Commit Graph

13572 Commits

Author SHA1 Message Date
zeripath
06f968d662
Fix hard-coded timeout and error panic in API archive download endpoint (#20925) (#21051)
Backport #20925

This commit updates the `GET /api/v1/repos/{owner}/{repo}/archive/{archive}`
endpoint which prior to this PR had a couple of issues.

1. The endpoint had a hard-coded 20s timeout for the archiver to complete after
   which a 500 (Internal Server Error) was returned to client. For a scripted
   API client there was no clear way of telling that the operation timed out and
   that it should retry.

2. Whenever the timeout _did occur_, the code used to panic. This was caused by
   the API endpoint "delegating" to the same call path as the web, which uses a
   slightly different way of reporting errors (HTML rather than JSON for
   example).

   More specifically, `api/v1/repo/file.go#GetArchive` just called through to
   `web/repo/repo.go#Download`, which expects the `Context` to have a `Render`
   field set, but which is `nil` for API calls. Hence, a `nil` pointer error.

The code addresses (1) by dropping the hard-coded timeout. Instead, any
timeout/cancelation on the incoming `Context` is used.

The code addresses (2) by updating the API endpoint to use a separate call path
for the API-triggered archive download. This avoids producing HTML-errors on
errors (it now produces JSON errors).

Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>

Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-09-06 07:54:47 +01:00
Lunny Xiao
084797b4dc
Fix delete user missed some comments (#21067) (#21068) 2022-09-06 06:48:57 +08:00
zeripath
7888a55e8c
Delete unreferenced packages when deleting a package version (#20977) (#21060)
Backport #20977

Delete a package if its last version got deleted. Otherwise removing the owner works only after the clean up job ran.

Fix #20969

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-09-04 12:17:48 -04:00
zeripath
ea416d7d0e
Redirect if user does not exist on admin pages (#20981) (#21059)
Backport #20981

When on /admin/users/ endpoints if the user is no longer in the DB,
redirect instead of causing a http 500.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-09-04 12:17:35 -04:00
zeripath
0db6add5c0
Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (#20902) (#21058)
Backport #20902

When setting.Git.DisablePartialClone is set to false then the web server will add filter support to web http. It does this by using`-c` command arguments but this will not work on gitea serv as the upload-pack and receive-pack commands do not support this.

Instead we move these options into the .gitconfig instead.

Fix #20400

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-09-04 12:17:27 -04:00
qwerty287
0ecbb71bee
Fix 500 on time in timeline API (#21052) (#21057)
Backport #21052

Before converting a TrackedTime for the API we need to load its attributes - otherwise we get an NPE.

Fix #21041
2022-09-04 16:12:37 +01:00
Jason Song
ea38455e1f
Fill the specified ref in webhook test payload (#20961) (#21055)
Backport #20961

The webhook payload should use the right ref when it‘s specified in the testing request.

The compare URL should not be empty, a URL like `compare/A...A` seems useless in most cases but is helpful when testing.
2022-09-04 16:12:01 +01:00
zeripath
8fc80b34a0
Add another index for Action table on postgres (#21033) (#21054)
Backport #21033

In #21031 we have discovered that on very big tables postgres will use a
search involving the sort term in preference to the restrictive index.

Therefore we add another index for postgres and update the original migration.

Fix #21031

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-09-04 16:11:02 +01:00
zeripath
71aa64ae25
fix broken insecureskipverify handling in rediss connection uris (#20967) (#21053)
Backport #20967

Currently, it's impossible to connect to self-signed TLS encrypted redis instances. The problem lies in inproper error handling, when building redis tls options - only invalid booleans are allowed to be used in `tlsConfig` builder. The problem is, when `strconv.ParseBool(...)` returns error, it always defaults to false - meaning it's impossible to set `tlsOptions.InsecureSkipVerify` to true.

Fixes #19213

Co-authored-by: Igor Rzegocki <ajgon@users.noreply.github.com>
2022-09-04 14:59:20 +01:00
zeripath
3aba72c613
Add more checks in migration code (#21011) (#21050)
Backport #21011

When migrating add several more important sanity checks:

* SHAs must be SHAs
* Refs must be valid Refs
* URLs must be reasonable

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-09-04 08:41:21 -05:00
José Carlos
bd1412c3af
Add Dev, Peer and Optional dependencies to npm PackageMetadataVersion (#21017) (#21044)
Backport #21017

Set DevDependencies, PeerDependencies & OptionalDependencies in npm package metadatas

Fix https://github.com/go-gitea/gitea/issues/21013
2022-09-03 21:11:03 +02:00
silverwind
3973ce36d9
Improve arc-green code theme (#21039) (#21042)
Backport #21039

- Increase contrasts overall
- Add various missing theme classes
- Ensure strings and constants are colored the same across languages
2022-09-03 19:51:09 +02:00
Tyrone Yeh
fbde31fb1e
Add down key check has tribute container (#21016) (#21038)
Backport #21016 

Fixes an issue where users would not be able to select by pressing the down arrow when using @TAG above a message

Bug videos:

https://user-images.githubusercontent.com/1255041/188095999-c4ccde18-e53b-4251-8a14-d90c4042d768.mp4
2022-09-03 14:36:27 +01:00
zeripath
2f0a1eb0d5
Do not add links to Posters or Assignees with ID < 0 (#20577) (#21037)
Backport #20577

There are several places in templates/repo/issue/view_content/comments.tmpl where links are made to Posters or Assignees who are Ghosts or have IDs <0.

Fix #20559

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-09-03 20:51:10 +08:00
Lucas Azevedo
e3697efbb0
Fix modified due date message (#20388) (#21032)
Backport #20388
2022-09-02 15:18:34 -04:00
Lunny Xiao
989dd5502c
Fix missed sort bug (#21006)
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-08-31 23:40:29 +08:00
John Olheiser
54c0fe62cc
Fix input.value attr for RequiredClaimName/Value (#20946) (#21001)
Values set for RequiredClaimName and RequiredClaimValue do not show up on UI.
Fix typo `values` to `value`.

Co-authored-by: soumyadey <soumya.dey@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-31 09:57:03 -05:00
Jason Song
2e2133d33f
fix: remove redundant if (#20997) 2022-08-30 16:16:33 -05:00
John Olheiser
0d869c574e
Translations for repo buttons (#20834)
* Translations

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update locale_de-DE.ini

* Update locales

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-08-29 16:37:53 +02:00
Lunny Xiao
04105dbb7c
Fix download archiver of a commit (#20962) (#20971) 2022-08-28 13:29:34 +02:00
silverwind
0a0cd75071
Change review buttons to icons to make space for text (#20934) (#20978)
The layout on the review code view was broken depending on length of the text. Change all three buttons to icons with tooltip to make more space for these long texts.

Fixes: #20922
2022-08-27 23:52:00 +03:00
silverwind
85f829fb3c
Enable contenthash in filename for dynamic assets (#20813) (#20932)
This should solve the main problem of dynamic assets getting stale after
a version upgrade. Everything not affected will use query-string based
cache busting, which includes files loaded via HTML or worker scripts.
2022-08-25 07:16:20 +01:00
zeripath
5ebd26d306
Return 404 NotFound if requested attachment does not exist (#20886) (#20941)
Backport #20886

Add code to test if GetAttachmentByID returns an ErrAttachmentNotExist error
and return NotFound instead of InternalServerError

Fix #20884

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-25 11:30:41 +08:00
zeripath
bc7a4375be
Disable doctor logging on panic (#20847) (#20898)
Backport #20847

If permissions are incorrect for writing to the doctor log simply disable the log file
instead of panicing.

Related #20570

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
2022-08-24 15:04:41 +01:00
zeripath
fbcb42488f
Set no-tags in git fetch on compare (#20893) (#20936)
Backport #20893

In the compare endpoint the git fetch is restricted to a certain branch however,
this does not completely prevent tag acquisition/pollution as git fetch will collect
any tags on that branch.

This causes pollution of the tag namespace and could cause confusion by users.

This PR adds `--no-tags` to the `git fetch` call.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-08-23 16:42:55 -04:00
zeripath
0230f1e1aa
In PushMirrorsIterate and MirrorsIterate if limit is negative do not set it (#20837) (#20899)
Backport #20837

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-08-23 12:38:52 -04:00
zeripath
6779c351b1
Fix mirror address setting not working (#20850) (#20904)
Backport #20850

This patch fixes the issue that the mirror address field is ignored from the repo setting form.

Co-authored-by: Gary Wang <wzc782970009@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-23 10:14:02 -04:00
KN4CK3R
c1889f5b01
Allow multiple metadata files for Maven packages (#20674) (#20916)
* Allow file overwrite for meta files.

* Added tests.

* lint

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-08-23 10:00:58 +08:00
Gusted
c0754e9d19
Don't open new page for ext wiki on same repository (#20725) (#20910)
* Don't open new page for ext wiki on same repository (#20725)

- Backport of #20725
  - When the external wiki has been set to a file on the repository, don't open the page on a tab.
  - Resolves #20657

* Gofmt

* Fix line

Co-authored-by: zeripath <art27@cantab.net>
2022-08-22 19:58:11 -04:00
zeripath
bf41958c16
Pad GPG Key ID with preceding zeroes (#20878) (#20885)
Backport #20878

The go crypto library does not pad keyIDs to 16 characters with preceding zeroes. This
is a somewhat confusing thing for most users who expect these to have preceding zeroes.

This PR prefixes any sub 16 length KeyID with preceding zeroes and removes preceding
zeroes from KeyIDs inputted on the API.

Fix #20876

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-08-22 19:35:18 +01:00
zeripath
033178f2fc
Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) (#20911)
Backport #20896

Unfortunately some keys are too big to fix within the 65535 limit of TEXT on MySQL
this causes issues with these large keys.

Therefore increase these fields to MEDIUMTEXT.

Unfortunately the migration in #20896 cannot be backported to 1.17 so
affected users will have to use `gitea doctor recreate-table gpg_key public_key`

Fix #20894

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-08-22 15:17:21 +01:00
zeripath
ebc8801fb2
Fix push mirror address backend get error Address cause setting page display error (#20593) (#20901) 2022-08-22 02:14:48 -04:00
zeripath
37458bffbf
Fix panic when an invalid oauth2 name is passed (#20820) (#20900) 2022-08-21 23:23:48 -04:00
zeripath
ec9b43ba16
Remove calls to load Mirrors in user.Dashboard (#20855) (#20897)
Backport #20855

Whilst looking at #20840 I noticed that the Mirrors data doesn't appear
to be being used therefore we can remove this and in fact none of the
related code is used elsewhere so it can also be removed.

Related #20840
Related #20804

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-22 09:46:56 +08:00
Gusted
e6ec411491
Fix SQL Query for SearchTeam (#20844) (#20872)
Backport #20844

Currently the function takes in the UserID option, but isn't being used within the SQL query. This patch fixes that by checking that only teams are being returned that the user belongs to.
 
Fix  #20829
2022-08-21 19:31:51 +01:00
silverwind
17d3a474e0
Update codemirror to 5.65.8 (#20875)
Includes fix for https://github.com/codemirror/codemirror5/issues/6893.
2022-08-21 17:25:46 +01:00
zeripath
9e8b1c6630
Double check CloneURL is acceptable (#20869) (#20892)
Backport #20869

Some Migration Downloaders provide re-writing of CloneURLs that may point to
unallowed urls. Recheck after the CloneURL is rewritten.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-08-21 09:42:48 -05:00
JonRB
eee51d8366
Ensure that graceful start-up is informed of unused SSH listener (#20877)
The graceful manager waits for 4 listeners to be created or to be told that they are not needed. If it is not told about them it will indefinitely and timeout. 

This leads to SVC hosts not being told of being in the readyState but on Unix would lead to the termination of the process.

There was an unfortunate regression in #20299 which missed this subtly and in the case whereby SSH is disabled the `builtinUnused()` is not called.

This PR adds a call to `builtinUnused()` when not using the builtin ssh to allow `createServerWaitGroup.Done()` to be called. 

In addition it was noted that the if/else clauses for timeout informing of the SVC host were in the wrong order. These have been swapped.

Fix #20609
2022-08-21 20:18:22 +08:00
silverwind
c61ed6fad4
Rework repo buttons (#20602, #20718) (#20719)
* Rework repo buttons (#20602)

* Rework repo buttons

- Replace "New PR" and "Go to File" button with Icon Button
- Move all "Add File" actions into a dropdown button
- Remove most custom styling of clone buttons
- Margin and wiki tweaks

Buttons are now all equal height, mobile layout wraps gracefully.

Fixes: https://github.com/go-gitea/gitea/issues/13671
Replaces: https://github.com/go-gitea/gitea/pull/20375

* Restore history button and hide add button when unable to add (#20718)

Fix two regressions from #20602:

- Restore the 'History' button that was previously unable to render
  because it's show condition was never hit
- Hide the 'Add File' button when there would be no items in the
  dropdown.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-08-20 15:49:16 +01:00
wxiaoguang
b88a4b4854
Fix the mode of custom dir to 0700 in docker-rootless (#20861) (#20867) 2022-08-19 23:54:12 -04:00
wxiaoguang
399917a2d4
Fix UI mis-align for PR commit history (#20845) (#20859) 2022-08-19 16:54:33 +08:00
techknowlogick
68cceb5321 update changelog 2022-08-18 15:34:24 -04:00
zeripath
15b61dac98
Prevent 500 is head repo does not have PullRequest unit in IsUserAllowedToUpdate (#20839) (#20848)
Backport #20621

Some repositories do not have the PullRequest unit present in their configuration
and unfortunately the way that IsUserAllowedToUpdate currently works assumes
that this is an error instead of just returning false.

This PR simply swallows this error allowing the function to return false.

Fix #20621

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-08-18 14:55:34 -04:00
zeripath
35ca651c80
Fix owners cannot create organization repos bug (#20841) (#20854)
Backport #20841

* Fix owners cannot create organization repos bug

* Fix api

* Update routers/api/v1/org/team.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-08-18 14:54:48 -04:00
zeripath
737486152c
Changelog 1.17.1 (#20833)
* Changelog 1.17.1

 ## [1.17.1](https://github.com/go-gitea/gitea/releases/tag/1.17.1) - 2022-08-17

* SECURITY
  * Correctly escape within tribute.js (#20831) (#20832)
* FEATURES
  * Add support for NuGet API keys (#20721) (#20734)
* ENHANCEMENTS
  * Display project in issue list (#20583)
  * Add disable download source configuration (#20548) (#20579)
* BUGFIXES
  * Use the total issue count for UI (#20785) (#20827)
  * Add proxy host into allow list (#20798) (#20819)
  * Add missing translation for queue flush workers (#20791) (#20792)
  * Improve comment header for mobile (#20781) (#20789)
  * Fix git.Init for doctor sub-command (#20782) (#20783)
  * Check webhooks slice length before calling xorm (#20642) (#20768)
  * Remove manual rollback for failed generated repositories (#20639) (#20762)
  * Use correct field name in npm template (#20675) (#20760)
  * Keep download count on Container tag overwrite (#20728) (#20735)
  * Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) (#20707)
  * Use request timeout for git service rpc (#20689) (#20693)
  * Send correct NuGet status codes (#20647) (#20677)
  * Use correct context to get package content (#20673) (#20676)
  * Fix the JS error "EventSource is not defined" caused by some non-standard browsers (#20584) (#20663)
  * Add default commit messages to PR for squash merge (#20618) (#20645)
  * Fix package upload for files >32mb (#20622) (#20635)
  * Fix the new-line copy-paste for rendered code (#20612)
  * Clean up and fix clone button script (#20415 & #20600) (#20599)
  *  Fix default merge style (#20564) (#20565)
  * Add repository condition for issue count (#20454) (#20496)
* MISC
  * Make branch icon stand out more (#20726) (#20774)
  * Fix loading button with invalid form (#20754) (#20759)
  * Add username check to doctor (#20140) (#20671)
  * Enable Wire 2 for Internal SSH Server (#20616) (#20617)
  *  Fix SecToTime edge-cases (#20610) (#20611)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: John Olheiser <john+github@jolheiser.com>

* Update CHANGELOG.md

Co-authored-by: delvh <dev.lh@web.de>

* Update CHANGELOG.md

* Update CHANGELOG.md

* update changelog

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john+github@jolheiser.com>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: John Olheiser <john+github@jolheiser.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-08-18 14:52:04 -04:00
Lunny Xiao
c40c753613
Check Mirror exists before linking its Repo (#20840) (#20842)
In MirrorRepositoryList.loadAttributes there is some code to load the Mirror entries
from the database. This assumes that every Repository which has IsMirror set has
a Mirror associated in the DB. This association is incorrect in the case of
Mirror repository under creation when there is no Mirror entry in the DB until
completion.

Unfortunately LoadAttributes makes this incorrect assumption and presumes that a
Mirror will always be loaded. This then causes a panic.

This PR simply double checks if there a Mirror before attempting to link back to
its Repo. Unfortunately it should be expected that there may be other cases where
this incorrect assumption causes further problems.

Fix #20804

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
2022-08-18 11:57:40 +03:00
Lunny Xiao
7a9b01a2dd
Add migrate repo archiver and packages storage support on command line (#20757) (#20806)
* Add migrate repo archiver and packages storage support on command line (#20757)

* Add migrate repo archiver and packages storage support on command line

* Fix typo

* Use stdCtx

* Use packageblob and fix command description

* Add migrate packages unit tests

* Fix comment year

* Fix the migrate storage command line description

* Update cmd/migrate_storage.go

Co-authored-by: zeripath <art27@cantab.net>

* Update cmd/migrate_storage.go

Co-authored-by: zeripath <art27@cantab.net>

* Update cmd/migrate_storage.go

Co-authored-by: zeripath <art27@cantab.net>

* Fix test

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>

* bug fix

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2022-08-18 09:27:56 +08:00
zeripath
b43d7e1254
Check issue labels slice length before calling xorm Insert(#20655) (#20836)
Backport #20655

Fix #20654

Co-authored-by: Gabriel Vasile <gabriel.vasile@email.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-08-17 23:36:56 +01:00
zeripath
987798a3a9
Executable check always returns true for windows (#20637) (#20835)
Backport #20637

Windows doesn't have the concept of "executable" POSIX bits so for now always return true to minimise doctor and logging noise. Addresses #20636

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: JonRB <4564448+eeyrjmr@users.noreply.github.com>
Co-authored-by: silverwind <me@silverwind.io>
2022-08-17 23:34:29 +01:00
zeripath
13b74accda
Correctly escape within tribute.js (#20831) (#20832)
Backport #20831

When writing html in tribute.js ensure that strings are properly escaped.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-08-17 21:09:28 +01:00