Commit graph

1021 commits

Author SHA1 Message Date
Lunny Xiao 4eb2a29910
Improve ObjectFormat interface (#28496)
The 4 functions are duplicated, especially as interface methods. I think
we just need to keep `MustID` the only one and remove other 3.

```
MustID(b []byte) ObjectID
MustIDFromString(s string) ObjectID
NewID(b []byte) (ObjectID, error)
NewIDFromString(s string) (ObjectID, error)
```

Introduced the new interfrace method `ComputeHash` which will replace
the interface `HasherInterface`. Now we don't need to keep two
interfaces.

Reintroduced `git.NewIDFromString` and `git.MustIDFromString`. The new
function will detect the hash length to decide which objectformat of it.
If it's 40, then it's SHA1. If it's 64, then it's SHA256. This will be
right if the commitID is a full one. So the parameter should be always a
full commit id.

@AdamMajer Please review.
2023-12-19 07:20:47 +00:00
yp05327 4ea522fecf
Only check online runner when detecting matching runners in workflows (#28286)
Mentioned:
[#28277](https://github.com/go-gitea/gitea/issues/28277#issuecomment-1831325276)

We should only check online runner when detecting matching runners in
workflows,
as if runner is not online, the workflow will not run.


![image](https://github.com/go-gitea/gitea/assets/18380374/11855e9d-7241-4b7a-b8d7-49dbb94ba1c5)
2023-12-18 16:06:19 +00:00
wxiaoguang 20929edc99
Add option to disable ambiguous unicode characters detection (#28454)
* Close #24483
* Close #28123
* Close #23682
* Close #23149

(maybe more)
2023-12-17 14:38:54 +00:00
Lunny Xiao 408a484224
Adjust object format interface (#28469)
- Remove `ObjectFormatID`
- Remove function `ObjectFormatFromID`.
- Use `Sha1ObjectFormat` directly but not a pointer because it's an
empty struct.
- Store `ObjectFormatName` in `repository` struct
2023-12-17 11:56:08 +00:00
Adam Majer cbf923e87b
Abstract hash function usage (#28138)
Refactor Hash interfaces and centralize hash function. This will allow
easier introduction of different hash function later on.

This forms the "no-op" part of the SHA256 enablement patch.
2023-12-13 21:02:00 +00:00
Lunny Xiao 717d0f5934
Do some missing checks (#28423) 2023-12-12 05:01:17 +00:00
Lunny Xiao 537fa69962
Second part of refactor db.Find (#28194)
Continue of #27798 and move more functions to `db.Find` and `db.Count`.
2023-12-11 16:56:48 +08:00
yp05327 0abb5633e3
Fix commit status in repo list (#28412)
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/00edf23a-aee1-4177-a12c-bd03ae14e65e)

![image](https://github.com/go-gitea/gitea/assets/18380374/0663e443-682c-4a68-b14e-a0fa0e4c3716)
`TestOrg/testactions` does have commit status, but won't display in
`All`

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/7231db29-9c4e-484f-afa2-87db19be19b8)

Same to #26179.
2023-12-11 06:19:57 +00:00
Lunny Xiao 9a99c17a14
Fix missing check (#28406) 2023-12-10 21:37:10 +02:00
Lunny Xiao aeb383025f
Also sync DB branches on push if necessary (#28361)
Fix #28056 

This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.

The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.

For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.

For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.
2023-12-09 13:30:56 +00:00
Jason Song beb71f5ef6
Include public repos in doer's dashboard for issue search (#28304)
It will fix #28268 .

<img width="1313" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/cb1e07d5-7a12-4691-a054-8278ba255bfc">

<img width="1318" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/4fd60820-97f1-4c2c-a233-d3671a5039e9">

## ⚠️ BREAKING ⚠️

But need to give up some features:

<img width="1312" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/281c0d51-0e7d-473f-bbed-216e2f645610">

However, such abandonment may fix #28055 .

## Backgroud

When the user switches the dashboard context to an org, it means they
want to search issues in the repos that belong to the org. However, when
they switch to themselves, it means all repos they can access because
they may have created an issue in a public repo that they don't own.

<img width="286" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/182dcd5b-1c20-4725-93af-96e8dfae5b97">

It's a confusing design. Think about this: What does "In your
repositories" mean when the user switches to an org? Repos belong to the
user or the org?

Whatever, it has been broken by #26012 and its following PRs. After the
PR, it searches for issues in repos that the dashboard context user owns
or has been explicitly granted access to, so it causes #28268.

## How to fix it

It's not really difficult to fix it. Just extend the repo scope to
search issues when the dashboard context user is the doer. Since the
user may create issues or be mentioned in any public repo, we can just
set `AllPublic` to true, which is already supported by indexers. The DB
condition will also support it in this PR.

But the real difficulty is how to count the search results grouped by
repos. It's something like "search issues with this keyword and those
filters, and return the total number and the top results. **Then, group
all of them by repo and return the counts of each group.**"

<img width="314" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/5206eb20-f8f5-49b9-b45a-1be2fcf679f4">

Before #26012, it was being done in the DB, but it caused the results to
be incomplete (see the description of #26012).

And to keep this, #26012 implement it in an inefficient way, just count
the issues by repo one by one, so it cannot work when `AllPublic` is
true because it's almost impossible to do this for all public repos.


1bfcdeef4c/modules/indexer/issues/indexer.go (L318-L338)

## Give up unnecessary features

We may can resovle `TODO: use "group by" of the indexer engines to
implement it`, I'm sure it can be done with Elasticsearch, but IIRC,
Bleve and Meilisearch don't support "group by".

And the real question is, does it worth it? Why should we need to know
the counts grouped by repos?

Let me show you my search dashboard on gitea.com.

<img width="1304" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/2bca2d46-6c71-4de1-94cb-0c9af27c62ff">

I never think the long repo list helps anything.

And if we agree to abandon it, things will be much easier. That is this
PR.

## TODO

I know it's important to filter by repos when searching issues. However,
it shouldn't be the way we have it now. It could be implemented like
this.

<img width="1316" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/99ee5f21-cbb5-4dfe-914d-cb796cb79fbe">

The indexers support it well now, but it requires some frontend work,
which I'm not good at. So, I think someone could help do that in another
PR and merge this one to fix the bug first.

Or please block this PR and help to complete it.

Finally, "Switch dashboard context" is also a design that needs
improvement. In my opinion, it can be accomplished by adding filtering
conditions instead of "switching".
2023-12-07 13:26:18 +08:00
yp05327 ec90ee61ef
Fix object does not exist error when checking citation file (#28314)
Fix #28264

`DataAsync()` will be called twice.
Caused by https://github.com/go-gitea/gitea/pull/27958.
I'm sorry, I didn't completely remove all unnecessary codes.
2023-12-06 16:51:01 +08:00
Lunny Xiao 09d5028442
Fix the runs will not be displayed bug when the main branch have no workflows but other branches have (#28359) 2023-12-06 01:13:59 +00:00
KN4CK3R 14354e4f8e
Read previous info from git blame (#28306)
Fixes #28280

Reads the `previous` info from the `git blame` output instead of
calculating it afterwards.
2023-12-01 01:26:52 +00:00
JakobDev 3618715fab
Add missing variable in tag list (#28305)
This fixes a regression from #25859

If a tag has no Release, Gitea will show a Link to create a Release for
the Tag if the User has the Permission to do this, but the variable to
indicate that is no longer set.

Used here:

1bfcdeef4c/templates/repo/tag/list.tmpl (L39-L41)
2023-11-30 16:26:56 +01:00
yp05327 8572e71a7f
Fix issue will be detected as pull request when checking First-time contributor (#28237)
Fix #28224
2023-11-27 10:46:55 +00:00
Lunny Xiao 882e502327
Fix comment permissions (#28213)
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
2023-11-25 17:21:21 +00:00
Lunny Xiao df1e7d0067
Use db.Find instead of writing methods for every object (#28084)
For those simple objects, it's unnecessary to write the find and count
methods again and again.
2023-11-24 03:49:41 +00:00
wxiaoguang 7c0ab8b974
Make CORS work for oauth2 handlers (#28184)
Fix #25473

Although there was `m.Post("/login/oauth/access_token", CorsHandler()...`,
it never really worked, because it still lacks the "OPTIONS" handler.
2023-11-23 21:19:26 +08:00
Nanguan Lin 37ed92d6fd
Revert "Fix EOL handling in web editor" (#28101)
Reverts go-gitea/gitea#27141
close #28097
2023-11-22 09:14:16 +00:00
JakobDev 08552f0076
Add edit option for README.md (#28071)
Fix #28059


![grafik](https://github.com/go-gitea/gitea/assets/15185051/07adc216-954e-486b-bfda-df3bc15f2089)
2023-11-20 11:47:55 +00:00
yp05327 e88377470a
Fix project counter in organization/individual profile (#28068)
Fix #28052
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/5f299983-4b38-4d68-ac0e-4be3c62c0558)

![image](https://github.com/go-gitea/gitea/assets/18380374/f0e12afd-483b-4882-80e9-0261beb3fe0c)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/47cccb7b-bb35-4a7d-9c5b-83133be0323a)

![image](https://github.com/go-gitea/gitea/assets/18380374/77825c0c-4bf2-4762-83a2-1a5a173cc22d)
2023-11-18 11:02:42 +08:00
JakobDev 48b9d98593
Fix viewing wiki commit on empty repo (#28040)
Fixes https://codeberg.org/forgejo/forgejo/issues/1758

For some weird reason we need to cast this nil.
2023-11-14 19:42:23 +08:00
6543 c6366089df
Dont leak private users via extensions (#28023) 2023-11-13 16:30:24 -06:00
yp05327 089ac06969
Improve profile for Organizations (#27982)
Fixes some problems in #27955:
- autofocus of the search box
before:
if access the home page will jump to the search box

![image](https://github.com/go-gitea/gitea/assets/18380374/7f100e8d-2bd6-4563-85ba-d6008ffc71d7)
after:
will not jump to the search box

![image](https://github.com/go-gitea/gitea/assets/18380374/9aab382c-8ebe-4d18-b990-4adbb6c341ad)

- incorrect display of overview tab
before:

![image](https://github.com/go-gitea/gitea/assets/18380374/b24c79e8-9b79-4576-9276-43bd19172043)
after:

![image](https://github.com/go-gitea/gitea/assets/18380374/7aab5827-f086-4874-bd84-39bd81b872f3)

- improve the permission check to the private profile repo
In #26295, we simply added access control to the private profile.
But if user have access to the private profile repo , we should also
display the profile.

- add a button which can jump to the repo list?
I agree @wxiaoguang 's opinion here:
https://github.com/go-gitea/gitea/pull/27955#issuecomment-1803178239
But it seems that this feature is sponsored. 
So can we add a button which can quickly jump to the repo list or just
move profile to the `overview` page?

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-11-13 15:33:22 +01:00
6543 603573366a
Add Profile Readme for Organisations (#27955)
https://blog.gitea.com/release-of-1.20.0/#-user-profile-readme-23260
(#23260) did introduce Profile Readme for Users.

This makes it usable for Organisations:


![image](https://github.com/go-gitea/gitea/assets/24977596/464ab58b-a952-414b-8a34-6deaeb4f7d35)

---
*Sponsored by Kithara Software GmbH*

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-11-09 14:05:52 +00:00
6543 16ba16dbe9
Allow to set explore page default sort (#27951)
as title


---
*Sponsored by Kithara Software GmbH*
2023-11-09 10:11:45 +00:00
yp05327 f48a863b99
Fix citation error when the file size is larger than 1024 bytes (#27958)
Mentioned in:
https://github.com/go-gitea/gitea/pull/27931#issuecomment-1798016960

Same to #25131, so use the same method to fix this problem.
2023-11-08 06:40:12 +00:00
KN4CK3R 8557a9455b
Revert #27870 (#27917)
Now that we have #27798 we don't need the check from #27870 anymore.
With the check it's not possible to remove an inactive auth source from
the user.
2023-11-06 06:09:34 +00:00
Lunny Xiao 1bf5527eac
Refactor Find Sources and fix bug when view a user who belongs to an unactive auth source (#27798)
The steps to reproduce it.

First, create a new oauth2 source.
Then, a user login with this oauth2 source.
Disable the oauth2 source.
Visit users -> settings -> security, 500 will be displayed.
This is because this page only load active Oauth2 sources but not all
Oauth2 sources.
2023-11-03 01:41:00 +00:00
Lunny Xiao 0ba4ecc3bd
Fix http protocol auth (#27875) 2023-11-02 22:14:33 +08:00
KN4CK3R e378545f30
Filter inactive auth sources (#27870)
Fix nil access for inactive auth sources.

> Render failed, failed to render template:
user/settings/security/security, error: template error:
builtin(static):user/settings/security/accountlinks:32:20 : executing
"user/settings/security/accountlinks" at <$providerData.IconHTML>: nil
pointer evaluating oauth2.Provider.IconHTML

Code tries to access the auth source of an `ExternalLoginUser` but the
list contains only the active auth sources.
2023-11-02 01:46:26 +02:00
Brecht Van Lommel 1756e30e10
Allow pull requests Manually Merged option to be used by non-admins (#27780)
Currently this feature is only available to admins, but there is no
clear reason why. If a user can actually merge pull requests, then this
seems fine as well.

This is useful in situations where direct pushes to the repository are
commonly done by developers.

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-10-30 11:13:06 +08:00
853 e544a277fe
Fix the missing repo count in new team page and edit team page (#27743)
Follow #26942
Before:

![image](https://github.com/go-gitea/gitea/assets/8389962/ffe3e914-c71c-493f-965b-369f27c70b4b)


![image](https://github.com/go-gitea/gitea/assets/8389962/eaad4f07-b8ce-4564-b883-97938de5ed79)

After:


![image](https://github.com/go-gitea/gitea/assets/8389962/353aeabe-caf4-4449-8330-d3a29f9bd326)


![image](https://github.com/go-gitea/gitea/assets/8389962/baf59bb6-2c74-4a56-a28c-1519bc3d2594)
2023-10-25 13:55:56 +08:00
silverwind ce83609ff6
Upgrade to golangci-lint@v1.55.0 (#27756)
https://github.com/golangci/golangci-lint/releases/tag/v1.55.0
2023-10-24 02:54:59 +00:00
Nanguan Lin 61d94b247a
Fix link-action redirect network error (#27734)
<img width="823" alt="image"
src="https://github.com/go-gitea/gitea/assets/70063547/99da3d5a-c28a-4fd0-8ae0-88461a9142e2">

---------

Co-authored-by: 6543 <6543@obermui.de>
2023-10-23 20:34:17 +08:00
Nanguan Lin 881806a50b
Replace -1 with GhostUserID (#27703) 2023-10-20 14:43:08 +00:00
6543 adbc995c34
Show total TrackedTime on issue/pull/milestone lists (#26672)
TODOs:
- [x] write test for `GetIssueTotalTrackedTime`
- [x] frontport kitharas template changes and make them mobile-friendly

---

![image](https://github.com/go-gitea/gitea/assets/24977596/6713da97-201f-4217-8588-4c4cec157171)

![image](https://github.com/go-gitea/gitea/assets/24977596/3a45aba8-26b5-4e6a-b97d-68bfc2bf9024)

---
*Sponsored by Kithara Software GmbH*
2023-10-19 14:08:31 +00:00
JakobDev 3dc0c962bf
Delete repos of org when purge delete user (#27273)
Fixes https://codeberg.org/forgejo/forgejo/issues/1514

I had to remove `RenameOrganization` to avoid circular import.

We should really add some foreign keys to the database.
2023-10-19 13:16:11 +00:00
Jason Song 0a2b93d411
Fix typo "GetLatestRunnerToken" (#27680) 2023-10-18 15:52:44 +00:00
yp05327 8abc1aae4a
Improve the list header in milestone page (#27302)
The ui of list header in milestone page is not same as issue and pr list
page.
And they are using different template codes which can be merged into
one.

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/29eb426c-2dd6-4cf2-96e0-82339fb631bb)

![image](https://github.com/go-gitea/gitea/assets/18380374/b36c4dff-469a-4395-8a02-a8c54e17ab21)



![image](https://github.com/go-gitea/gitea/assets/18380374/d882c74a-451b-431d-b58e-3635a15d9718)

![image](https://github.com/go-gitea/gitea/assets/18380374/292cd38d-1b50-47f1-b32c-9b5de90ce5fb)


After:

![image](https://github.com/go-gitea/gitea/assets/18380374/4529234e-67dc-4e17-9440-e638be4fbc41)

![image](https://github.com/go-gitea/gitea/assets/18380374/c15b4d86-0762-497b-b28d-72d09443d629)

---------

Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
2023-10-18 00:03:42 +00:00
Lunny Xiao cddf245c12
Replace more db.DefaultContext (#27628)
Target #27065
2023-10-15 17:46:06 +02:00
Nanguan Lin 7480aacdad
Fix 404 when there is an internal version of package (#27615)
close #27601
The Docker registry has an internal version, which leads to 404
2023-10-15 09:22:10 +00:00
JakobDev 76a85a4ce9
Final round of db.DefaultContext refactor (#27587)
Last part of #27065
2023-10-14 08:37:24 +00:00
KN4CK3R c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
2023-10-14 00:56:41 +00:00
JakobDev 328da56a28
Don't show Link to TOTP if not set up (#27585) 2023-10-11 20:12:54 +00:00
silverwind 73b63d9311
Replace ajax with fetch, improve image diff (#27267)
1. Dropzone attachment removal, pretty simple replacement
2. Image diff: The previous code fetched every image twice, once via
`img[src]` and once via `$.ajax`. Now it's only fetched once and a
second time only when necessary. The image diff code was partially
rewritten.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-10-11 12:34:21 +00:00
JakobDev ebe803e514
Penultimate round of db.DefaultContext refactor (#27414)
Part of #27065

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-11 04:24:07 +00:00
Sergey Zolotarev 7b79be24ca
Fix panic in storageHandler (#27446)
storageHandler() is written as a middleware but is used as an endpoint
handler, and thus `next` is actually `nil`, which causes a null pointer
dereference when a request URL does not match the pattern (where it
calls `next.ServerHTTP()`).

Example CURL command to trigger the panic:

```
curl -I "http://yourhost/gitea//avatars/a"
```

Fixes #27409

---

Note: the diff looks big but it's actually a small change - all I did
was to remove the outer closure (and one level of indentation) ~and
removed the HTTP method and pattern checks as they seem redundant
because go-chi already does those checks~. You might want to check "Hide
whitespace" when reviewing it.

Alternative solution (a bit simpler): append `, misc.DummyOK` to the
route declarations that utilize `storageHandler()` - this makes it
return an empty response when the URL is invalid. I've tested this one
and it works too. Or maybe it would be better to return a 400 error in
that case (?)
2023-10-06 13:23:14 +00:00
Eng Zer Jun 13d5d2e711
Remove redundant len check around loop (#27464)
This pull request is a minor code cleanup.

From the Go specification (https://go.dev/ref/spec#For_range):

> "1. For a nil slice, the number of iterations is 0."
> "3. If the map is nil, the number of iterations is 0."

`len` returns 0 if the slice or map is nil
(https://pkg.go.dev/builtin#len). Therefore, checking `len(v) > 0`
before a loop is unnecessary.

---

At the time of writing this pull request, there wasn't a lint rule that
catches these issues. The closest I could find is
https://staticcheck.dev/docs/checks/#S103

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2023-10-06 14:49:37 +08:00