Commit graph

4840 commits

Author SHA1 Message Date
Earl Warren 1bdf334844
feat: add IfZero utility function
(cherry picked from commit 43de021ac1ca017212ec75fd88a8a80a9db27c4c)
2024-09-27 08:42:48 +02:00
hiifong 9d5f409a5a
Lazy load avatar images (#32051)
(cherry picked from commit f38e1014483b84f4541ffb354cd5dfdd7e000e2c)
2024-09-22 09:11:06 +02:00
Jason Song 2da0ebbd23
Support allowed hosts for migrations to work with proxy (#32025)
(cherry picked from commit 125679f2e14cdc8a26a147f7e8fd0e5f174fb5cb)
2024-09-14 17:52:54 +02:00
Jason Song 5b1990b3b2
Increase cacheContextLifetime to reduce false reports (#32011)
Replace #32001.

To prevent the context cache from being misused for long-term work
(which would result in using invalid cache without awareness), the
context cache is designed to exist for a maximum of 10 seconds. This
leads to many false reports, especially in the case of slow SQL.

This PR increases it to 5 minutes to reduce false reports.

5 minutes is not a very safe value, as a lot of changes may have
occurred within that time frame. However, as far as I know, there has
not been a case of misuse of context cache discovered so far, so I think
5 minutes should be OK.

Please note that after this PR, if warning logs are found again, it
should get attention, at that time it can be almost 100% certain that it
is a misuse.

(cherry picked from commit a323a82ec4bde6ae39b97200439829bf67c0d31e)
2024-09-14 17:09:03 +02:00
Lunny Xiao 5f312250eb
Use forum.gitea.com instead of old URL (#31989)
(cherry picked from commit a5818470fe62677d8859b590b2d80b98fe23d098)
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>

Conflicts:
	- .github/ISSUE_TEMPLATE/bug-report.yaml
	  .github/ISSUE_TEMPLATE/config.yml
	  .github/ISSUE_TEMPLATE/feature-request.yaml
	  .github/ISSUE_TEMPLATE/ui.bug-report.yaml
	  templates/install.tmpl
      All of these are Gitea-specific. Resolved the conflict by not
      picking their change.
2024-09-09 20:54:47 +02:00
Lunny Xiao 3ad20e27ae
Fix index too many file names bug (#31903)
Try to fix #31884
Fix #28584

(cherry picked from commit 286ede47ad683bf0431e531e82019cd016cc54dd)
2024-09-09 20:54:39 +02:00
Otto 864eabebba Merge pull request 'chore: remove extra go-sqlite3 imports' (#5243) from yoctozepto/no-extra-sqlite into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5243
Reviewed-by: Otto <otto@codeberg.org>
2024-09-08 00:20:45 +00:00
Gusted 912fe49ab3
Construct screen 2024-09-06 20:24:51 +02:00
Radosław Piliszek f0a6ea454f chore: remove extra go-sqlite3 imports
go-sqlite3 is already properly included conditionally within the
`modules/setting` package.
2024-09-06 09:36:08 +00:00
Gusted c2e11058bb
chore: update mock redis client
- Follow up of #5173
2024-09-01 05:42:34 +02:00
Gusted 500e0e8602 Merge pull request 'chore: Only implement used API of Redis client' (#5173) from gusted/forgejo-redis-binary-size into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5173
Reviewed-by: Otto <otto@codeberg.org>
2024-08-31 23:08:17 +00:00
Earl Warren 293203cb64 Merge pull request 'chore(ci): Cache generated binary across jobs' (#5130) from fnetx/runner-caching into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5130
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-30 05:47:01 +00:00
Gusted 9df10c5ac5
[FEAT] Only implement used API of Redis client
- Currently for the `nosql` module (which simply said provides a manager
for redis clients) returns the
[`redis.UniversalClient`](https://pkg.go.dev/github.com/redis/go-redis/v9#UniversalClient)
interface. The interfaces exposes all available commands.
- In generalm, dead code elimination should be able to take care of not
generating the machine code for methods that aren't being used. However
in this specific case, dead code elimination either is disabled or gives
up on trying because of exhaustive call stack the client by
`GetRedisClient` is used.
- Help the Go compiler by explicitly specifying which methods we use.
This reduces the binary size by ~400KB (397312 bytes). As Go no longer
generate machine code for commands that aren't being used.
- There's a **CAVEAT** with this, if a developer wants to use a new
method that isn't specified, they will have to know about this
hack (by following the definition of existing Redis methods) and add the
method definition from the Redis library to the `RedisClient` interface.
2024-08-30 04:33:15 +02:00
Exploding Dragon 6eb88be6e8 Merge branch 'forgejo' into bugfix-arch 2024-08-29 12:39:16 +00:00
Gusted c87655b7ff Merge pull request '[CHORE] Move cache & captcha library' (#5146) from gusted/forgejo-captcha into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5146
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-29 08:02:09 +00:00
Exploding Dragon 3a55604d3c Merge branch 'forgejo' into bugfix-arch 2024-08-28 00:38:10 +00:00
Gusted bf0d100b84
[CHORE] Move cache library
- This is in the spirit of #5090.
- Move to a fork of gitea.com/go-chi/cache,
code.forgejo.org/go-chi/cache. It removes unused code (a lot of
adapters, that can't be used by Forgejo) and unused dependencies (see
go.sum). Also updates existing dependencies.
8c64f1a362..main
2024-08-27 21:28:56 +02:00
Earl Warren 9addaedaf3 Merge pull request '[gitea] week 2024-35 cherry pick (gitea/main -> forgejo)' (#5109) from algernon/wcp/2024-35 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5109
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-27 06:09:19 +00:00
Exploding Dragon bc4849a904 Merge branch 'forgejo' into bugfix-arch 2024-08-27 02:34:54 +00:00
Otto bf65f1e510 Merge pull request 'feat: Trivial default quota configuration' (#5125) from algernon/forgejo:falling-in-reverse into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5125
Reviewed-by: Otto <otto@codeberg.org>
2024-08-27 01:22:41 +00:00
Otto Richter 72408c7d68 Cache generated binary across jobs
- retrieved by the commit hash
- removes bindata tags from integration tests, because it does not seem
  to be required
- due to the missing automatically generated data, the zstd tests fail
  (they use repo data including node_modules (!) as input to the test,
  there is no apparent reason for the size constants)
2024-08-26 23:43:09 +02:00
Gusted d623126103 Merge pull request '[PORT] Refactor the usage of batch catfile (gitea#31754)' (#5122) from gusted/forgejo-port-gt-31754 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5122
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 16:04:47 +00:00
Gergely Nagy 3b70949651
feat: Trivial default quota configuration
This adds a new configuration setting: `[quota.default].TOTAL`, which
will be used if no groups are configured for a particular user. The new
option makes it possible to entirely skip configuring quotas via the API
if all that one wants is a total size.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-26 13:25:34 +02:00
Earl Warren 190b5a3859 Merge pull request '[FIX] Don't allow SSH authentication without ssh executable' (#5123) from gusted/forgejo-prevent-no-ssh into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5123
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 08:03:52 +00:00
Earl Warren e2ae389184 Merge pull request '[CHORE] Move to new sessioner library' (#5090) from gusted/forgejo-sessioner-fork into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5090
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 07:31:56 +00:00
Gusted 1a68d14cf8
[FIX] Don't allow SSH authentication without ssh executable
- Follow up of #4819
- When no `ssh` executable is present, disable the UI and backend bits
that allow the creation of push mirrors that use SSH authentication. As
this feature requires the usage of the `ssh` binary.
- Integration test added.
2024-08-26 08:58:35 +02:00
dragon a3ef037ccb clean style and add more tests 2024-08-26 11:13:22 +08:00
Gusted 24bbf051c3
[TESTS] Add test for CatFileBatch(Check) 2024-08-26 04:48:52 +02:00
dragon 600c703ef4 Fix arch OptDepends version check and add gzip compression 2024-08-26 10:45:24 +08:00
Lunny Xiao 0ca13c5eae
[PORT] Refactor the usage of batch catfile (gitea#31754)
When opening a repository, it will call `ensureValidRepository` and also
`CatFileBatch`. But sometimes these will not be used until repository
closed. So it's a waste of CPU to invoke 3 times git command for every
open repository.

This PR removed all of these from `OpenRepository` but only kept
checking whether the folder exists. When a batch is necessary, the
necessary functions will be invoked.

---
Conflict resolution: Because of the removal of go-git in (#4941)
`_nogogit.go` files were either renamed or merged into the 'common'
file. Git does handle the renames correctly, but for those that were
merged has to be manually copied pasted over. The patch looks the same,
201 additions 90 deletions as the original patch.

(cherry picked from commit c03baab678ba5b2e9d974aea147e660417f5d3f7)
2024-08-26 03:48:51 +02:00
Lunny Xiao ef5ac9a8ee
Use correct function name (#31887)
(cherry picked from commit 0299bb97f038685aee794a992fa4a9f5cf83652e)
2024-08-25 11:56:35 +02:00
Gusted fc40a5e242
[CHORE] Move to new sessioner library
- Moves to a fork of gitea.com/go-chi/session that removed support for
couchbase (and ledis, but that was never made available in Forgejo)
along with other code improvements.
f8ce677595..main
- The rationale for removing Couchbase is quite simple. Its not licensed
under FOSS
license (https://www.couchbase.com/blog/couchbase-adopts-bsl-license/)
and therefore cannot be tested by Forgejo and shouldn't be supported.
This is a similair vein to the removal of MSSQL
support (https://codeberg.org/forgejo/discussions/issues/122)
- A additional benefit is that this reduces the Forgejo binary by ~600Kb.
2024-08-25 03:47:08 +02:00
Gusted d34d8ec2cf Merge pull request 'fix: include last line in file previews with no trailing newline' (#5085) from solomonv/fix-previews-without-trailing-eol into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5085
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-25 00:58:14 +00:00
Solomon Victorino 8f53a69c2e fix: include last line in file previews with no trailing newline 2024-08-24 17:10:31 -06:00
Gusted 5dbacb70f4 Merge pull request 'Allow pushmirror to use publickey authentication' (#4819) from ironmagma/forgejo:publickey-auth-push-mirror into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4819
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-24 16:53:56 +00:00
Solomon Victorino 22f012a859 fix: improve PR/issue short link display text
- include subpaths
- don't append "(comment)" for unrelated hash/query strings
2024-08-22 15:49:05 -06:00
Shiny Nematoda d48b936126 fix: breaking changes with meili (#5073)
resolves breaking changes introduced in #5058

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5073
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-08-22 19:38:00 +00:00
Philip Peterson 03508b33a8
[FEAT] Allow pushmirror to use publickey authentication
- Continuation of https://github.com/go-gitea/gitea/pull/18835 (by
@Gusted, so it's fine to change copyright holder to Forgejo).
- Add the option to use SSH for push mirrors, this would allow for the
deploy keys feature to be used and not require tokens to be used which
cannot be limited to a specific repository. The private key is stored
encrypted (via the `keying` module) on the database and NEVER given to
the user, to avoid accidental exposure and misuse.
- CAVEAT: This does require the `ssh` binary to be present, which may
not be available in containerized environments, this could be solved by
adding a SSH client into forgejo itself and use the forgejo binary as
SSH command, but should be done in another PR.
- CAVEAT: Mirroring of LFS content is not supported, this would require
the previous stated problem to be solved due to LFS authentication (an
attempt was made at forgejo/forgejo#2544).
- Integration test added.
- Resolves #4416
2024-08-22 17:05:07 +02:00
Gusted e3243a9465 Merge pull request 'feat(ui): Add rel="nofollow" to in-list labels' (#5002) from xlii/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5002
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-21 19:54:59 +00:00
Gusted 12f97ef51f
[SEC] Add keying module
The keying modules tries to solve two problems, the lack of key
separation and the lack of AEAD being used for encryption. The currently
used `secrets` doesn't provide this and is hard to adjust to provide
this functionality.

For encryption, the additional data is now a parameter that can be used,
as the underlying primitive is an AEAD constructions. This allows for
context binding to happen and can be seen as defense-in-depth; it
ensures that if a value X is encrypted for context Y (e.g. ID=3,
Column="private_key") it will only decrypt if that context Y is also
given in the Decrypt function. This makes confused deputy attack harder
to exploit.[^1]

For key separation, HKDF is used to derives subkeys from some IKM, which
is the value of the `[service].SECRET_KEY` config setting. The context
for subkeys are hardcoded, any variable should be shuffled into the the
additional data parameter when encrypting.

[^1]: This is still possible, because the used AEAD construction is not
key-comitting. For Forgejo's current use-case this risk is negligible,
because the subkeys aren't known to a malicious user (which is required
for such attack), unless they also have access to the IKM (at which
point you can assume the whole system is compromised). See
https://scottarc.blog/2022/10/17/lucid-multi-key-deputies-require-commitment/
2024-08-21 16:06:17 +02:00
Earl Warren 0c70e11df8 Merge pull request 'git-grep: refactor defaults' (#4964) from yoctozepto/git-grep-refactor-defaults into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4964
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
2024-08-19 13:12:37 +00:00
Radosław Piliszek f784260633 git-grep: refactor defaults
One method to set them all... or something like that.

The defaults for git-grep options were scattered over the run
function body. This change refactors them into a separate method.
The application of defaults is checked implicitly by existing
tests and linters, and the new approach makes it very easy
to inspect the desired defaults are set.
2024-08-19 14:28:01 +02:00
Earl Warren 51620ab0f3 Merge pull request 'Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.60.1 (forgejo)' (#4953) from renovate/forgejo-github.com-golangci-golangci-lint-cmd-golangci-lint-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4953
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-19 07:38:14 +00:00
TheFox0x7 f7bb75ce56
revert: accidental change 2024-08-18 16:36:06 +02:00
Gusted fe18428806
Fix linting issues 2024-08-18 16:25:13 +02:00
TheFox0x7 0813126058
test: add more workflow event coverage 2024-08-18 15:19:01 +02:00
TheFox0x7 8322882265
style: reenable switch check 2024-08-18 15:19:01 +02:00
Earl Warren fbb2252314 Merge pull request 'git-grep: fix for initial dashes in expressions' (#4967) from yoctozepto/git-grep-fix-words into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4967
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
2024-08-17 07:07:40 +00:00
Otto da7f3ac6f5 Merge pull request '[BUG] Make logout event non-blocking' (#4938) from gusted/forgejo-non-blocking-logout into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4938
Reviewed-by: Otto <otto@codeberg.org>
2024-08-16 14:17:15 +00:00
Earl Warren 24eb401a0a Merge pull request 'Enhancing Gitea OAuth2 Provider with Granular Scopes for Resource Access' (#4449) from marcellmars/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4449
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-16 12:38:15 +00:00