Commit Graph

67 Commits

Author SHA1 Message Date
wxiaoguang
5d77691d42
Improve template system and panic recovery (#24461)
Partially for #24457

Major changes:

1. The old `signedUserNameStringPointerKey` is quite hacky, use
`ctx.Data[SignedUser]` instead
2. Move duplicate code from `Contexter` to `CommonTemplateContextData`
3. Remove incorrect copying&pasting code `ctx.Data["Err_Password"] =
true` in API handlers
4. Use one unique `RenderPanicErrorPage` for panic error page rendering
5. Move `stripSlashesMiddleware` to be the first middleware
6. Install global panic recovery handler, it works for both `install`
and `web`
7. Make `500.tmpl` only depend minimal template functions/variables,
avoid triggering new panics

Screenshot:

<details>

![image](https://user-images.githubusercontent.com/2114189/235444895-cecbabb8-e7dc-4360-a31c-b982d11946a7.png)

</details>
2023-05-04 14:36:34 +08:00
wxiaoguang
e3750370df
Use globally shared HTMLRender (#24436)
The old `HTMLRender` is not ideal.

1. It shouldn't be initialized multiple times, it consumes a lot of
memory and is slow.
2. It shouldn't depend on short-lived requests, the `WatchLocalChanges`
needs a long-running context.
3. It doesn't make sense to use FuncsMap slice.


HTMLRender was designed to only work for GItea's specialized 400+
templates, so it's good to make it a global shared instance.
2023-04-30 08:22:23 -04:00
JakobDev
36a5d4c2f3
Add API for gitignore templates (#22783)
This implements the [Gitignores template API of GitHub](https://docs.github.com/en/rest/gitignore?apiVersion=2022-11-28) in Gitea
2023-04-27 11:51:20 +08:00
JakobDev
fb37eefa28
Add API for License templates (#23009)
This adds a API for getting License templates. This tries to be as close
to the [GitHub
API](https://docs.github.com/en/rest/licenses?apiVersion=2022-11-28) as
possible, but Gitea does not support all features that GitHub has. I
think they should been added, but this out f the scope of this PR. You
should merge #23006 before this PR for security reasons.
2023-04-26 02:08:28 -04:00
Brecht Van Lommel
84daddc2fa
Editor preview support for external renderers (#23333)
Remove `[repository.editor] PREVIEWABLE_FILE_MODES` setting that seemed
like it was intended to support this but did not work. Instead, whenever
viewing a file shows a preview, also have a Preview tab in the file
editor.

Add new `/markup` web and API endpoints with `comment`, `gfm`,
`markdown` and new `file` mode that uses a file path to determine the
renderer.

Remove `/markdown` web endpoint but keep the API for backwards and
GitHub compatibility.

## ⚠️ BREAKING ⚠️

The `[repository.editor] PREVIEWABLE_FILE_MODES` setting was removed.
This setting served no practical purpose and was not working correctly.
Instead a preview tab is always shown in the file editor when supported.

---------

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-03-24 14:12:23 +08:00
flynnnnnnnnnn
e81ccc406b
Implement FSFE REUSE for golang files (#21840)
Change all license headers to comply with REUSE specification.

Fix #16132

Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-11-27 18:20:29 +00:00
KN4CK3R
044c754ea5
Add context.Context to more methods (#21546)
This PR adds a context parameter to a bunch of methods. Some helper
`xxxCtx()` methods got replaced with the normal name now.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-19 16:12:33 +08:00
delvh
0ebb45cfe7
Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551)
Found using
`find . -type f -name '*.go' -print -exec vim {} -c
':%s/fmt\.Errorf(\(.*\)%v\(.*\)err/fmt.Errorf(\1%w\2err/g' -c ':wq' \;`

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-24 20:29:17 +01:00
Yarden Shoham
63ebb53fd5
Add link to user profile in markdown mention only if user exists (#21533)
Previously mentioning a user would link to its profile, regardless of
whether the user existed. This change tests if the user exists and only
if it does - a link to its profile is added.

* Fixes #3444

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-23 01:15:52 +08:00
zeripath
bb0ff77e46
Share HTML template renderers and create a watcher framework (#20218)
The recovery, API, Web and package frameworks all create their own HTML
Renderers. This increases the memory requirements of Gitea
unnecessarily with duplicate templates being kept in memory.

Further the reloading framework in dev mode for these involves locking
and recompiling all of the templates on each load. This will potentially
hide concurrency issues and it is inefficient.

This PR stores the templates renderer in the context and stores this
context in the NormalRoutes, it then creates a fsnotify.Watcher
framework to watch files.

The watching framework is then extended to the mailer templates which
were previously not being reloaded in dev.

Then the locales are simplified to a similar structure.

Fix #20210 
Fix #20211
Fix #20217

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-08-28 10:43:25 +01:00
Lunny Xiao
1a9821f57a
Move issues related files into models/issues (#19931)
* Move access and repo permission to models/perm/access

* fix test

* fix git test

* Move functions sequence

* Some improvements per @KN4CK3R and @delvh

* Move issues related code to models/issues

* Move some issues related sub package

* Merge

* Fix test

* Fix test

* Fix test

* Fix test

* Rename some files
2022-06-13 17:37:59 +08:00
zeripath
d494cc3356
Fix nodeinfo caching and prevent NPE if cache non-existent (#19721)
Extract from #19703

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-05-16 15:36:57 +08:00
wxiaoguang
04fc4b7e05
Call MultipartForm.RemoveAll when request finishes (#19606) 2022-05-05 16:13:23 +02:00
6543
e2a3f3d259
Federation: return useful statistic information for nodeinfo (#19561)
Add statistic information for total user count, active user count, issue count and comment count for `/nodeinfo`
2022-05-02 21:35:45 +08:00
Lunny Xiao
3c3d49899f
Remove dependent on session auth for api/v1 routers (#19321)
* Remove dependent on session auth for api/v1 routers

* Remove unnecessary session on API context

* remove missed header

* fix test

* fix missed api/v1
2022-04-08 06:22:10 +02:00
6543
54e9ee37a7
format with gofumpt (#18184)
* gofumpt -w -l .

* gofumpt -w -l -extra .

* Add linter

* manual fix

* change make fmt
2022-01-20 18:46:10 +01:00
zeripath
5cb0c9aa0d
Propagate context and ensure git commands run in request context (#17868)
This PR continues the work in #17125 by progressively ensuring that git
commands run within the request context.

This now means that the if there is a git repo already open in the context it will be used instead of reopening it.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-19 23:26:57 +00:00
Lunny Xiao
3ca5dc7e32
Move keys to models/asymkey (#17917)
* Move keys to models/keys

* Rename models/keys -> models/asymkey

* change the missed package name

* Fix package alias

* Fix test

* Fix docs

* Fix test

* Fix test

* merge
2021-12-10 16:14:24 +08:00
techknowlogick
babab0bf5e
Add nodeinfo endpoint for federation purposes (#16953)
Nodeinfo is a way to expose certain metadata about a server for use of discovery regarding functionality of its federation capabilities.

Two endpoints are required:
1. `/.well-known/nodeinfo` which informs client where it can find the location of the location of its metadata (including which version of the schema is used)
2. the endpoint which exposes the metadata in json format according to schema.

Notes:
* `openRegistrations` is a required field, but I propose to set to false as default in case someone writes a crawler to discover "open" gitea instances
* to limit data leakage I also propose to not include the `usage` field (note it is required so it should be included, but left as empty).

More info:
https://github.com/jhass/nodeinfo
https://github.com/jhass/nodeinfo/tree/main/schemas/2.1
http://nodeinfo.diaspora.software/protocol.html
2021-09-28 01:38:06 +02:00
Eng Zer Jun
f2e7d5477f
refactor: move from io/ioutil to io and os package (#17109)
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-09-22 13:38:34 +08:00
Lunny Xiao
9d99f6ab19
Refactor renders (#15175)
* Refactor renders

* Some performance optimization

* Fix comment

* Transform reader

* Fix csv test

* Fix test

* Fix tests

* Improve optimaziation

* Fix test

* Fix test

* Detect file encoding with reader

* Improve optimaziation

* reduce memory usage

* improve code

* fix build

* Fix test

* Fix for go1.15

* Fix render

* Fix comment

* Fix lint

* Fix test

* Don't use NormalEOF when unnecessary

* revert change on util.go

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* rename function

* Take NormalEOF back

Co-authored-by: zeripath <art27@cantab.net>
2021-04-19 18:25:08 -04:00
Lunny Xiao
6433ba0ec3
Move macaron to chi (#14293)
Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR.

- [x] Define `context.ResponseWriter` interface with an implementation `context.Response`.
- [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before.
- [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic .
- [x] Use https://github.com/unrolled/render instead of macaron's internal render
- [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip
- [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK**
- [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha
- [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache
- [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding
- [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors
- [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation`
- [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle.
- [x] Removed macaron log service because it's not need any more. **BREAK**
- [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition.
- [x] Move Git HTTP protocol implementation to use routers directly.
- [x] Fix the problem that chi routes don't support trailing slash but macaron did.
- [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. 

Notices:
- Chi router don't support request with trailing slash
- Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI.

Co-authored-by: 6543 <6543@obermui.de>
2021-01-26 16:36:53 +01:00
赵智超
fec1521555
Not using "ctx.ServerError" in api (#12907)
This function will render a whole html page which is not useful for API.

Signed-off-by: a1012112796 <1012112796@qq.com>
2020-09-20 21:20:14 +01:00
6543
fc2f2c7602
API: Move AllowedReactions endpoint into GetGenneralUI endpoint + creat new swagger section settings (#11854)
* move Setting function into its own package

* swagger add&use new section "settings"

* move api AllowedReactions into general UI-Settings endpoint

* prepare TEST

* lint
2020-06-22 14:21:31 -04:00
6543
68a2af6d68
API expose usefull General Repo settings settings (#11758)
* GeneralRepoSettings expose MirrorsDisabled, HTTPGitDisabled, MaxCreationLimit

* Apply suggestions from code review

Co-authored-by: proton <25139420+proton-ab@users.noreply.github.com>

* lint

Co-authored-by: proton <25139420+proton-ab@users.noreply.github.com>
2020-06-10 15:05:46 +03:00
6543
2c5b3c72e8
Fix bug with globally disabling mirror (#11760)
Ensure we return after `ctx.Error(...)`
2020-06-04 19:06:24 +01:00
6543
b534a5164f
[API] Expose allowed Reactions (#11735)
* [API] Expose allowed Reactions

* dont be in soutch a rush

* add TEST

* use ElementsMatch

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-06-04 12:16:53 +03:00
zeripath
814ca9ffea
Allow different HardBreaks settings for documents and comments (#11515)
GH has different HardBreaks behaviour for markdown comments and documents.

Comments have hard breaks and documents have soft breaks - therefore Gitea's rendering will always be different from GH's if we only provide one setting.

Here we split the setting in to two - one for documents and one for comments and other things.

Signed-off-by: Andrew Thornton art27@cantab.net

Changes to index.js as per @silverwind 
Co-authored-by: silverwind <me@silverwind.io>

Changes to docs as per @guillep2k 
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-05-24 09:14:26 +01:00
silverwind
7e20f1cb5b
enable ENABLE_HARD_LINE_BREAK by default (#11162)
enable ENABLE_HARD_LINE_BREAK by default

This matches GitHub's rendering.

Fix #11155
2020-04-21 23:13:56 +01:00
John Olheiser
baadb51445
Add gitea-vet (#10948)
* Add copyright

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add gitea-vet and fix non-compliance

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Combine tools.go into build.go and clean up

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Remove extra GO111MODULE=on

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-04-05 07:20:50 +01:00
zeripath
27757714d0 Change markdown rendering from blackfriday to goldmark (#9533)
* Move to goldmark

Markdown rendering moved from blackfriday to the goldmark.

Multiple subtle changes required to the goldmark extensions to keep
current rendering and defaults.

Can go further with goldmark linkify and have this work within markdown
rendering making the link processor unnecessary.

Need to think about how to go about allowing extensions - at present it
seems that these would be hard to do without recompilation.

* linter fixes

Co-authored-by: Lauris BH <lauris@nix.lv>
2019-12-31 03:53:28 +02:00
John Olheiser
e6ceb6880a Prefix all user-generated IDs in markup (#9477)
* Prefix all user-generated IDs in markup
* Add user-content- to IDs in unit-tests
* fixup markdown_test.go
* update the hrefs for the wiki test
* Add blackfriday extension regex

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2019-12-23 22:38:50 +00:00
6543
2848c5eb8f Swagger info corrections (#9441)
* use numbers and not http.Status___ enum

* fix test

* add many missing swagger responses

* code format

* Deletion Sould return 204 ...

* error handling improvements

* if special error type ... then add it to swagger too

* one smal nit

* invalidTopicsError is []string

* valid swagger specification 2.0
 - if you add responses swagger can tell you if you do it right 👍

* use ctx.InternalServerError

* Revert "use numbers and not http.Status___ enum"

This reverts commit b1ff386e24.

* use http.Status* enum everywhere
2019-12-20 19:07:12 +02:00
zeripath
fcb535c5c3
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631)
This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.

## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
    - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
    - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
    - [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
    - app.ini configuration done
    - [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation

I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
2019-10-16 14:42:42 +01:00
Tamal Saha
171b359877 Use gitea forked macaron (#7933)
Signed-off-by: Tamal Saha <tamal@appscode.com>
2019-08-23 12:40:29 -04:00
kolaente
f9ec2f89f2 Add golangci (#6418) 2019-06-12 15:41:28 -04:00
Lunny Xiao
34eee25bd4
Move sdk structs to modules/structs (#6905)
* move sdk structs to moduels/structs

* fix tests

* fix fmt

* fix swagger

* fix vendor
2019-05-11 18:21:34 +08:00
mrsdizzie
3ff0a126e1 Improve issue autolinks (#6273)
* Improve issue autolinks

Update autolinks to match what github does here:

Issue in same repo: #1
Issue in different repo: org/repo#1

Fixes #6264

* Use setting.AppURL when parsing URL

Using setting.AppURL here is a more reliable way of parsing the current
URL and what other functions in this file seem to use.

* Make ComposeMetas always return a valid context

* Add per repository markdown renderers for better context

* Update for use of context metas

Now that we include the user and repo name inside context metas, update
various code and tests for this new logic
2019-04-12 08:53:34 +03:00
Roland Koebler
57ecf09787 Markdown: enable some more extensions (#6362)
* Markdown: enable some more extensions

Improve Markdown-rendering by enabling some extensions:

- enable definitions lists
- enable footnotes
- enable header-ids and automatically generate header-ids (for linking to README-sections or creating table-of-contents for larger READMEs)

* Markdown: update and exted tests

Update and add tests for additionally enabled Markdown-extensions.
2019-03-21 15:53:06 +02:00
Gabriel Silva Simões
3b7f41f9f7 Fix serving of raw wiki files other than .md (#5814)
* Fix serving of raw wiki files other than .md

Closes #4690.
Closes #4395.

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>

* Simplify code at routers/repo/wiki.go

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>

* Add more files to user2/repo1.wiki for testing

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>

* Update macaron to v1.3.2

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>

* Add tests for WikiRaw

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>

* Fix NewResponseWriter usage due to macaron update

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>

* Add raw to reserved wiki names

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
2019-02-05 20:58:55 -05:00
Piotr Orzechowski
a74426d631 Swagger.v1.json template (#3572)
* Turn swagger.v1.json into template

* Rename ENABLE_SWAGGER_ENDPOINT option to ENABLE_SWAGGER
2018-07-28 03:19:01 +03:00
Antoine GIRARD
908e8942cc Fix swagger errors (#4220)
Fix all the resting errors to have a valid swagger file.

They are still some warnings but nothing blocking.

Doing so I found that some request still misses son parameters for some POST/PUT/PATCH request. This means the a client generated from the swagger file will not work completely. 

Fix #4088 by activating validation in drone
Should fix #4010.
2018-06-12 22:59:22 +08:00
Morgan Bazalgette
535445c32e Rework special link parsing in the post-processing of markup (#3354)
* Get rid of autolink

* autolink in markdown

* Replace email addresses with mailto links

* better handling of links

* Remove autolink.js from footer

* Refactor entire html.go

* fix some bugs

* Make tests green, move what we can to html_internal_test, various other changes to processor logic

* Make markdown tests work again

This is just a description to allow me to force push in order to restart
the drone build.

* Fix failing markdown tests in routers/api/v1/misc

* Add license headers, log errors, future-proof <body>

* fix formatting
2018-02-27 09:09:18 +02:00
Ethan Koenig
7b104f0cd0 Populate URL field of API commits (#3546)
* Populate URL field of API commits

* fix orgmode_test
2018-02-20 20:50:42 +08:00
Ethan Koenig
f26f4a7e01 Update swagger documentation (#2899)
* Update swagger documentation

Add docs for missing endpoints
Add documentation for request parameters
Make parameter naming consistent
Fix response documentation

* Restore delete comments
2017-11-13 09:02:25 +02:00
Antoine GIRARD
619b9b5547 Move swagger-ui under /api/v1 (#2746)
* Move swagger interface under /api/v1

* Update swagger-ui

* Add /api/swagger and prepare for multiple api version

* Update test links

* Fix footer link
2017-10-21 22:05:50 +08:00
Lunny Xiao
0d80af649a Add init support of orgmode document type on file view and readme (#2525)
* add init support of orgmode document type on file view and readme

* fix imports

* fix imports and readmeExist

* fix imports order

* fix format

* remove unnecessary convert
2017-09-21 13:20:14 +08:00
Lunny Xiao
52e11b24bf Restructure markup & markdown to prepare for multiple markup language… (#2411)
* restructure markup & markdown to prepare for multiple markup languages support

* adjust some functions between markdown and markup

* fix tests

* improve the comments
2017-09-16 20:17:57 +03:00
Antoine GIRARD
fd8e8a421a Improve swagger doc (#2274)
* Add swagger comment for adminCreateOrg

* Add swagger comment for admin route

* add hook swagger doc

* Add tags

* Add auth

* Fix name of responses

* Edit name method

* Update vendor

* make generate-swagger
2017-08-21 14:13:47 +03:00
Ethan Koenig
29f3a6e492 Fix rendering of external links (#2292) 2017-08-13 19:30:27 -03:00