Commit Graph

12371 Commits

Author SHA1 Message Date
mscherer
e595986458
Harden authorized keys a bit more (#17772)
sshd(8) list restrict as a future-proof way to restrict feature
enabled in ssh. It is supported since OpenSSH 7.2, out since
2016-02-29.

OpenSSH will ignore unknown options (see sshauthopt_parse in
auth-options.c), so it should be safe to add the option and
no-user-rc.

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-11-22 21:44:26 -05:00
velengel
a1f5c7bfce
Add copy Commit ID button in commits list (#17759)
* fix: implement commit id copy to clipboard

* fix: remove abundant attributes / consider edge-case

* fix: locale_en fixed

* fix: use ui button

* tune copy button

* fix: button size

* Fix merge

Co-authored-by: Ysmr-Ry <ryo.yossy@live.jp>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-11-22 21:44:10 -05:00
Lunny Xiao
b2daa7e203
Add documentation for backend development (#17512)
* Add documentation for backend development

* Update backend guidline

* More sections

* Add modules/setting and modules/git

* Uniform gitea as Gitea

* some improvements

* some improvements
2021-11-23 10:10:18 +08:00
GiteaBot
c79cc2d3e8 [skip ci] Updated translations via Crowdin 2021-11-23 00:31:08 +00:00
zeripath
1dbc58f742
More pleasantly handle broken or missing git repositories (#17747)
* More pleasantly handle broken or missing git repositories

In #17742 it was noted that there a completely invalid git repository underlying a
repo on gitea.com. This happened due to a problem during a migration however, it
is not beyond the realms of possibility that a corruption could occur to another
user.

This PR adds a check to RepoAssignment that will detect if a repository loading has
failed due to an absent git repository. It will then show a page suggesting the user
contacts the administrator or deletes the repository.

Fix #17742

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update options/locale/locale_en-US.ini

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-11-22 22:32:16 +00:00
Lunny Xiao
baed01f247
Remove unnecessary attributes of User struct (#17745)
* Remove unnecessary functions of User struct

* Move more database methods out of user struct

* Move more database methods out of user struct

* Fix template failure

* Fix bug

* Remove finished FIXME

* remove unnecessary code
2021-11-22 23:21:55 +08:00
Lunny Xiao
c2ab19888f
Support pagination of organizations on user settings pages (#16083)
* Add pagination for user setting orgs
* Use FindOrgs instead of GetOrgsByUserID
* Remove unnecessary functions and fix test
* remove unnecessary code
2021-11-22 21:51:45 +08:00
Gusted
ed23a6c397
Make bind error more readable (#17750)
- Add the related fieldNames into the response JSON, such that the developer can figure out what's going on.
- Related:
https://github.com/go-gitea/gitea/issues/17126#issuecomment-937848295
2021-11-22 21:05:29 +08:00
Jimmy Praet
a3efd048a7
Improvements to content history (#17746)
* Improvements to content history

* initialize content history when making an edit to an old item created before the introduction of content history
* show edit history for code comments on pull request files tab

* Fix a flaw in keepLimitedContentHistory
Fix a flaw in keepLimitedContentHistory, the first and the last should never be deleted

* Remove obsolete eager initialization of content history
2021-11-22 20:20:16 +08:00
wxiaoguang
49b2cb998b
Fix project board bug and improve documents (#17753)
* the project board was broken, this PR fixes it, and refactor the code, and we prevent the uncategorized column from being dragged.
* improve the frontend guideline (as discussed in https://github.com/go-gitea/gitea/pull/17699)
2021-11-22 19:40:17 +08:00
Gusted
8244cfb8eb
Fix navbar on project view (#17749)
- Shows that the project nav item is active when you're viewing a project.
2021-11-22 18:57:05 +08:00
Gusted
58ff86ed4d
Exclude from watching tests (#17744) 2021-11-22 05:17:21 -05:00
techknowlogick
499b05da22
Add user settings key/value DB table (#16834) 2021-11-22 04:47:23 -05:00
silverwind
a159c3175f
Add new JS linter rules (#17699)
* Add new JS linter rules

Adds a few useful rules from eslint-plugin-github. Notable changes:

- Forbid dataset usage, its camel-casing behaviour makes it hard to
  grep for attributes.
- Forbid .then() and .catch(), we should generally prefer await for new
  code. For rare cases where they are useful, a eslint-disable-line
  directive can be set.
- Add docs js to linting

* also enable github/array-foreach

* small tweak

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-11-22 16:19:01 +08:00
Gusted
7743f13bed
Use f variant to parse formatting (#17751)
As title.
2021-11-22 14:18:31 +08:00
GiteaBot
55e9228866 [skip ci] Updated translations via Crowdin 2021-11-22 00:24:56 +00:00
zeripath
8511eec4d4
Allow Loading of Diffs that are too large (#17739)
* Allow Loading of Diffs that are too large

This PR allows the loading of diffs that are suppressed because the file
is too large. It does not handle diffs of files which have lines which
are too long.

Fix #17738

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-22 00:51:08 +08:00
Lunny Xiao
d710af6669
Remove NewSession method from db.Engine interface (#17577)
* Remove NewSession method from db.Engine interface

* Fix bug

* Some improvements

* Fix bug

* Fix test

* Use XXXBean instead of XXXExample
2021-11-21 23:41:00 +08:00
Lunny Xiao
0add627182
Fix close issue but time watcher still running (#17643)
* Fix close issue but time watcher still running

* refactor stopwatch codes

* Fix test

* Fix test

* Fix typo

* Fix test
2021-11-21 17:11:48 +08:00
GiteaBot
ab09296d37 [skip ci] Updated licenses and gitignores 2021-11-21 00:25:17 +00:00
zeripath
0fa41b6dc4
Reset locale on login (#17734)
When logging in reset the user's locale to ensure that it matches their
preferred locale.

Fix #15612

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-20 21:32:37 +00:00
zeripath
f8ec43dbc7
Extract constant names out for the ReverseProxy and Basic authentication methods (#17735)
In order to reduce load on the GC extract out the constant names of the Basic and ReverseProxy methods.

As mentioned in https://github.com/go-gitea/gitea/pull/15119#discussion_r730352176

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-20 23:33:18 +08:00
zeripath
931d0cf854
Enable show more files in diff for git <2.31 (#17733)
Unfortunately due to a misread on my behalf I missed that git diff only learned
--skip-to in version 2.31.0. Thus this functionality was not working on older versions
of git.

This PR adds a handler that simply allows for us to skip reading the diffs until
we find the correct file to skip to.

Fix #17731

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-20 13:50:00 +00:00
zeripath
0d69e64e03
Make a.add-code-comment click handler an event handler (#17737)
Instead of directly attaching the add-code-comment on click handler to
the a.add-code-comment elements - make this an event handler on the
document instead.

Fix #17736

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-20 20:12:59 +08:00
wxiaoguang
013fb73068
Use hostmatcher to replace matchlist, improve security (#17605)
Use hostmacher to replace matchlist.

And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
2021-11-20 17:34:05 +08:00
zeripath
c96be0cd98
Make SSL cipher suite configurable (#17440) 2021-11-20 01:12:43 -05:00
Gusted
9f14fe43c6
Fix correct usage of teams (#17732)
- `.Teams` isn't a field on the User type, thus using the seperate
loaded teams.
- Add a space between `PathEscape` and argument.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-11-20 11:13:24 +08:00
GiteaBot
52869ef386 [skip ci] Updated translations via Crowdin 2021-11-20 00:25:08 +00:00
wxiaoguang
a8fd76557b
Better builtin avatar generator (#17707)
This PR fixes the builtin avatar generator.

1. The random background color makes some images very dirty. So now we only use white background for avatars.
2. We use left-right mirror avatars to satisfy #14799
3. Fix a small padding error in the algorithm
2021-11-20 01:10:41 +08:00
zeripath
38347aa16f
Add settings to allow different SMTP envelope from address (#17479)
* Add settings to allow different SMTP envelope from address

Sometimes it may be advisable to hide or alias the from address on an SMTP mail
envelope. This PR adds two new options to the mailer to allow setting of an overriding
from address.

Fix #17477

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-19 23:35:20 +08:00
Paweł Bogusławski
d4e281bc02
Allow Token API calls be authorized using the reverse-proxy header (#15119)
* API calls authorized with HTTP header

This mod allows API calls to be authorized with HTTP header
when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled. Without
it user authenticated by reverse proxy is able to access
gitea UI but not API which is inconsistent.

Author-Change-Id: IB#1107572

* Fixed API calls authorized with HTTP header

Only reqBasicAuth is modified to allow reverse proxy
auth as alternative and reqToken is left untouched.

Fixes: dc952c0632
Author-Change-Id: IB#1107572

* Reverse proxy API auth separated in docs

Related: https://github.com/go-gitea/gitea/pull/15119#discussion_r621322127
Author-Change-Id: IB#1107572

* Reverse proxy API auth separated in docs

Related: https://github.com/go-gitea/gitea/pull/15119#discussion_r621322127
Author-Change-Id: IB#1107572

* Reverse proxy API auth separated

Related: https://github.com/go-gitea/gitea/pull/15119#discussion_r621322127
Author-Change-Id: IB#1107572

* ReverseProxyAuth removed from swagger

ReverseProxyAuth removed from swagger as in upstream's suggestion.

Related: https://github.com/go-gitea/gitea/pull/15119#pullrequestreview-692180940
Author-Change-Id: IB#1107572

* ReverseProxyAuth API authorization fixed

Related: https://github.com/go-gitea/gitea/pull/15119#issuecomment-868465099
Author-Change-Id: IB#1107572

* ReverseProxyAuth API authorization fixed

Related: https://github.com/go-gitea/gitea/pull/15119#issuecomment-868465099
Author-Change-Id: IB#1107572
2021-11-19 22:54:44 +08:00
Lunny Xiao
fc3d082609
Move attachment into models/repo/ (#17650)
* Move attachment into models/repo/

* Fix test

* Fix bug
2021-11-19 21:39:57 +08:00
Lunny Xiao
7a03473159
Use a standalone struct name for Organization (#17632)
* Use a standalone struct name for Organization

* recover unnecessary change

* make the code readable

* Fix template failure

* Fix template failure

* Move HasMemberWithUserID to org

* Fix test

* Remove unnecessary user type check

* Fix test

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-11-19 19:41:40 +08:00
KN4CK3R
a09b40de8d
Prevent double sanitize (#16386)
* Prevent double sanitize.
* Use SanitizeReaderToWriter.

At the moment `actualRender` uses `SanitizeReader` to sanitize the output. But `SanitizeReader` gets called in `markup.render` too so the output gets sanitized twice.

I moved the `SanitizeReader` call into `RenderRaw` because this method does not use `markup.render`. I would like to remove the `RenderRaw`/`RenderRawString` methods too because they are only called from tests, the fuzzer and the `/markup/raw` api endpoint. This endpoint is not in use so I think we could remove them. If we really in the future need a method to render markdown without PostProcessing we could achieve this with a more flexible `renderer.NeedPostProcess` method.
2021-11-19 18:46:47 +08:00
Gusted
381e131fc8
Added comment for changing issue ref (#17672)
* Added comment for changing issue ref
- Add a comment when someone changes the ref(erence?) of a issue.
2021-11-19 17:54:31 +08:00
Gusted
00448ebe91
Remove unused user paramater (#17723)
As title
2021-11-19 08:37:13 +00:00
wxiaoguang
e4b95de388
Prepare and check test env during CI (#17725)
This PR should resolve the permission problems during CI, if the uid doesn't match, a more clear message is shown.

*  CI fails with unknown permission problems #17710

The new drone step dependencies:

(root)prepare-test-env -> (gitea)build -> (gitea)test
2021-11-19 13:58:34 +08:00
Lunny Xiao
9361b65f54
Fix bug when project board get open issue number (#17703)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-11-19 12:00:18 +08:00
Gusted
96ec656cf1
perf: sent data-path once for each file (#17657)
- Don't sent it with each line, instead send it at the top-element for each file.
- Related:
https://github.com/go-gitea/gitea/pull/17618#issuecomment-968192761

2.5K Additions:
No-Patch:
Unified: 2.14 MB (2.14 MB size)
Split: 2.59 MB (2.59 MB size)

Patch:
Unified: 2.10 MB (2.10 MB size) (-1.8%)
Split: 2.55 MB (2.55 MB size) (-1.5%)
2021-11-19 10:28:27 +08:00
zeripath
a85e75b2b1
Prevent deadlock in TestPersistableChannelQueue (#17717)
* Prevent deadlock in TestPersistableChannelQueue

There is a potential deadlock in TestPersistableChannelQueue due to attempting to
shutdown the test queue before it is ready.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* prevent npe

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-19 01:13:25 +00:00
GiteaBot
72b0882a45 [skip ci] Updated translations via Crowdin 2021-11-19 00:25:46 +00:00
KN4CK3R
f34151bdb2
Move user/org deletion to services (#17673) 2021-11-19 01:42:27 +08:00
wxiaoguang
55be5fe339
Refactor repo-legacy.js, remove messy global variables. Fix errors. (#17646)
Refactor repo-legacy.js, remove messy global variables. Fix errors.
Fix an error in Sortable
Fix a incorrect call assignMenuAttributes from the template
2021-11-19 00:45:00 +08:00
99rgosse
e1d655991b
Fix Migrate Description (#17692)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-11-18 23:28:10 +08:00
Gusted
c3e020ca34
Add pagination to fork list (#17639)
- Resolves #14574
- Adds the necessary code to have pagination working in the forks list of
a repo. The code is mostly in par with the stars/watcher implementation.
2021-11-18 22:45:56 +08:00
Gusted
257b7171c3
Fix possible panic (#17694)
- The code will get the first and second character `link[{0,1]]`.
However in a rare case the `link` could have 1 character and thus the
`link[1]` will create a panic.
2021-11-18 21:25:56 +08:00
Gusted
d1f5584039
Simplify code for wrting SHA to name-rev (#17696) 2021-11-18 04:50:22 -05:00
zeripath
878c2ce6e6
Prevent NPE due to missing repo in regression in #17551 (#17697) 2021-11-18 03:18:12 -05:00
Lunny Xiao
1f1ae57139
Move task from modules to services (#17680) 2021-11-18 14:47:57 +08:00
Lunny Xiao
3c3855a05c
Move user functions into user.go (#17659)
* Move user functions into user.go

* Fix test
2021-11-18 13:58:42 +08:00