Commit graph

16189 commits

Author SHA1 Message Date
Earl Warren ad4c09b59f
parseScope with owner/repo always sets owner to zero (#25987)
Refs: https://codeberg.org/forgejo/forgejo/pulls/1001
2023-07-19 21:21:51 +08:00
harryzcy 0f9f6567bb
Bump github.com/golang-jwt/jwt to v5 (#25975)
Bumping `github.com/golang-jwt/jwt` from v4 to v5.

`github.com/golang-jwt/jwt` v5 is bringing some breaking changes:

- standard `Valid()` method on claims is removed. It's replaced by
`ClaimsValidator` interface implementing `Validator()` method instead,
which is called after standard validation. Gitea doesn't seem to be
using this logic.
- `jwt.Token` has a field `Valid`, so it's checked in `ParseToken`
function in `services/auth/source/oauth2/token.go`

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-19 09:57:10 +00:00
wxiaoguang 50e14699d3
Update path related documents (#25417)
Update WorkPath/WORK_PATH related documents, remove out-dated
information.

Remove "StaticRootPath" on the admin config display page, because few
end users really need it; it only causes misconfiguration.


![image](https://github.com/go-gitea/gitea/assets/2114189/8095afa4-da76-436b-9e89-2a92c229c01d)

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-19 11:22:57 +02:00
silverwind 06df92b5af
Update djlint, enable H026 and T027 (#25980)
New rules enabled as the bugs I reported were fixed:

- H026 | Empty id and class tags can be removed.
- T027 | Unclosed string found in template syntax.

Refs:

https://github.com/Riverside-Healthcare/djLint/issues/711
https://github.com/Riverside-Healthcare/djLint/issues/712
2023-07-19 10:35:25 +02:00
GiteaBot c7455e9f23 [skip ci] Updated translations via Crowdin 2023-07-19 00:46:27 +00:00
Jason Song 6f1f3e6c08
Show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is enabled (#25947)
Since OAuth2 will callback the root URL, if the user starts signing in
from a wrong host, Gitea will return 500 because it cannot find the
session.

<details>
<summary>How to reproduce</summary>

<img width="901" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/2c2e255c-e13e-4a11-9be7-b226bee54920">

<img width="1014" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/b31cfcf6-a320-483d-9ce5-ba8562f065e1">

</details>


So show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is
enabled.

<img width="1015" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/99e80b17-c790-49a3-bbf2-2bd9396a7daa">
2023-07-18 22:14:30 +00:00
wxiaoguang 236c645bf1
Refactor "Content" for file uploading (#25851)
Before: the concept "Content string" is used everywhere. It has some
problems:

1. Sometimes it means "base64 encoded content", sometimes it means "raw
binary content"
2. It doesn't work with large files, eg: uploading a 1G LFS file would
make Gitea process OOM

This PR does the refactoring: use "ContentReader" / "ContentBase64"
instead of "Content"

This PR is not breaking because the key in API JSON is still "content":
`` ContentBase64 string `json:"content"` ``
2023-07-18 18:14:47 +00:00
wxiaoguang 265a28802a
Fix SSPI auth panic (#25955)
Try to fix #25952

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-18 17:32:49 +00:00
silverwind dcb607d3cf
Make pending commit status yellow again (#25935)
With the introduction of Actions, the pending commit icon has changed
from yellow to grey for Drone integrations which never set the "running"
status, so it stays in "pending" until completion.

I find it better to have this icon colored like on 1.19. Now both the
"pending" and "running" icons look the same, but I guess we could add an
animation to the "running" state, similar to what GitHub has, later.

Before:
<img width="339" alt="Screenshot 2023-07-17 at 19 14 19"
src="https://github.com/go-gitea/gitea/assets/115237/2f4886e4-74fd-42ea-b59e-9af8f141bf1f">

After:
<img width="335" alt="Screenshot 2023-07-17 at 19 14 30"
src="https://github.com/go-gitea/gitea/assets/115237/53189642-e72d-47f6-9cbe-f14eda28f730">

Also, it matches GH's icon:

<img width="466" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/5804ff90-d223-4a3c-8093-7a9abbaacf87">

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-07-18 16:59:02 +00:00
wxiaoguang faa28b5a44
Move public asset files to the proper directory (#25907)
Move `public/*` to `public/assets/*`

Some old PRs (like #15219) introduced an inconsistent directory system.

For example: why the local directory "public" is accessed by
`http://site/assets`? How to serve the ".well-known" files properly in
the public directory?

For convention rules, the "public" directory is widely used for the
website's root directory. It shouldn't be an exception for Gitea.

So, this PR makes the things consistent:

* `http://site/assets/foo` means `{CustomPath}/public/assets/foo`.
* `{CustomPath}/public/.well-known` and `{CustomPath}/public/robots.txt`
can be used in the future.

This PR is also a prerequisite for a clear solution for:
* #21942
* #25892 
* discourse.gitea.io: [.well-known path serving custom files behind
proxy?](https://discourse.gitea.io/t/well-known-path-serving-custom-files-behind-proxy/5445/1)

This PR is breaking for users who have custom "public" files (CSS/JS).
After getting approvals, I will update the documents.

----

## ⚠️ BREAKING ⚠️

If you have files in your "custom/public/" folder, please move them to
"custom/public/assets/".

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-18 18:06:43 +02:00
KN4CK3R 8af96f585f
Disallow dangerous url schemes (#25960)
Regression: https://github.com/go-gitea/gitea/pull/24805
Closes: #25945

- Disallow `javascript`, `vbscript` and `data` (data uri images still
work) url schemes even if all other schemes are allowed
- Fixed older `cbthunderlink` tests

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-07-18 15:18:37 +00:00
wxiaoguang cc73e84fa3
Avoid creating directories when loading config (#25944)
The "creating dir/file during load config" is a longstanding and complex
problem.

This PR only does a quick patch, it still needs more refactorings in the
future.

Fix #25938
2023-07-18 07:32:36 -05:00
GiteaBot 24b49bcf66 [skip ci] Updated translations via Crowdin 2023-07-18 00:43:46 +00:00
silverwind 8bb0a03eaa
Import sortablejs only once (#25936)
Previously, `sortablejs` was imported twice, once synchronously and once
asynchronously, leading to webpack creating duplicate output code (once
in the index bundle, and once in a separate chunk). Fix this by always
asynchronously importing it. This was one of the build warnings observed
when trying to build with vite.
2023-07-17 18:06:37 +00:00
wxiaoguang d0a9456c4f
Make environment-to-ini work with INSTALL_LOCK=true (#25926)
Regression of #25648, fix #25924

Test:

```bash
rm -f /tmp/example.ini /tmp/out.ini && \
echo "[security]" > /tmp/example.ini && \
echo "INSTALL_LOCK = true" >> /tmp/example.ini && \
GITEA__foo__bar=1 go run contrib/environment-to-ini/environment-to-ini.go --config=/tmp/example.ini --out=/tmp/out.ini && \
echo "==== example:" && \
cat /tmp/example.ini && \
echo "==== out:" && \
cat /tmp/out.ini
```

Output:

```
2023/07/17 17:40:51 ...nvironment-to-ini.go:99:runEnvironmentToIni() [I] Settings saved to: "/tmp/out.ini"
==== example:
[security]
INSTALL_LOCK = true
==== out:
[security]
INSTALL_LOCK = true

[foo]
bar = 1

```
2023-07-17 17:56:06 +00:00
Jason Song 29e959fd00
Ignore runs-on with expressions when warning no matched runners (#25917)
Fix #25905

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-17 18:19:53 +02:00
wxiaoguang ff9a7afe99
Skip unuseful error message in dev mode when watching local filesystem (#25919)
Before, in dev mode, there might be some error logs like:

```
2023/07/17 13:54:51 ...s/assetfs/layered.go:221:WatchLocalChanges() [E] Unable to watch directory .: lstat /data/work/gitea/custom/templates: no such file or directory

```

Because there is no "custom/templates" directory.

After: ignore such error, no such error message anymore.
2023-07-17 09:47:55 +00:00
KN4CK3R 81a8120bc3
Add shutting down notice (#25920)
Got the same problem as #25915 when updating an instance. The
`log.Fatal` should have been marked as breaking in #23911.

This PR adds a notice that the system is shutting down because of the
deprecated setting.
2023-07-17 10:58:47 +02:00
techknowlogick d9763d605d
Downgrading Snap to build with node/18 instead of node/20 2023-07-16 22:28:52 -04:00
puni9869 8fc4774e5a
Fix margin on the new/edit project page. (#25885)
New/Edit Project page consistent layout. Fix margin on the new/edit
page.

Before: 
<img width="1381" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/303e128c-0bd0-4289-a395-ff077e33b1c8">
<img width="1392" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/d11f7a42-ddf4-4c0a-a1b1-b8cefca9dfa1">

After
<img width="1390" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/8ae1a979-9050-4d68-8f5d-9dfaa620c0e8">
<img width="1391" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/24a62711-dc0a-4425-bf84-7c1896b9a005">

Co-authored-by: silverwind <me@silverwind.io>
2023-07-16 14:53:54 +00:00
delvh dc3f50aadf
Add 1.20.0 changelog (#25901)
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
2023-07-16 15:28:21 +03:00
yp05327 3add4ca216
Fix incorrect milestone count when provide a keyword (#25880)
You can confirm this issue in:
https://try.gitea.io/yp05327/testrepo/milestones?state=open&q=a
There's no milestone, but the count is 1.

![image](https://github.com/go-gitea/gitea/assets/18380374/25e58cee-aeeb-43c1-8ec8-6e2ec6bf1284)
2023-07-16 03:43:51 +00:00
yp05327 ec35af470c
Avoid opening/closing PRs which are already merged (#25883)
We can select PRs to open/close them by one click, but we forgot to
check whether it is merged.
You can get an opening merged PR:

![image](https://github.com/go-gitea/gitea/assets/18380374/22c2e747-4bb9-4742-a9aa-ef39d5308bc5)

You can confirm this in:
https://try.gitea.io/yp05327/testrepo/pulls/5
2023-07-15 22:10:49 +00:00
sebastian-sauer d473de0c2d
Make add line comment buttons focusable (#25894)
Use a real button and add an aria-label.
Additionally, show the button whenever it is focused.
See https://codeberg.org/forgejo/forgejo/issues/998 for explanation.

Our handling of this button is now equal to that of GitHub.
Nothing has changed visually.
2023-07-15 11:45:34 +02:00
wxiaoguang 9672085d94
Fix "Flash" message usage (#25895)
Resolve https://github.com/go-gitea/gitea/pull/25820/files#r1264309059
2023-07-15 11:52:03 +03:00
GiteaBot faf28b2823 [skip ci] Updated translations via Crowdin 2023-07-15 00:29:55 +00:00
KN4CK3R bd82d8974e
Add support for different Maven POM encoding (#25873)
Fixes #25853

- Maven POM files aren't always UTF-8 encoded.
- Reject the upload of unparsable POM files
2023-07-14 09:39:15 +00:00
yp05327 dc679fc9fa
Fix incorrect release count (#25879)
Release count is not correct:
https://try.gitea.io/yp05327/testrepo/tags

![image](https://github.com/go-gitea/gitea/assets/18380374/07f97c62-d450-4ccb-b3f2-3e0af9d9fc52)

https://try.gitea.io/yp05327/testrepo/releases

![image](https://github.com/go-gitea/gitea/assets/18380374/6f1d55a4-bb68-445d-84b9-90552a40f403)

https://try.gitea.io/yp05327/testrepo/releases/tag/testtag

![image](https://github.com/go-gitea/gitea/assets/18380374/09ab5d51-52b6-4621-a571-3100198eb260)

We already have correct release count, no need to calculate it again.

c5e187c389/modules/context/repo.go (L547)

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-14 08:47:17 +00:00
yp05327 1c8073b483
Add Github related extensions in devcontainer (#25800) 2023-07-14 15:58:02 +08:00
yp05327 52f46919dc
Add error info if no user can fork the repo (#25820)
Before: (Owner list is empty)

![image](https://github.com/go-gitea/gitea/assets/18380374/dbe87bfe-14ed-4997-8cb2-5c1308232a70)

After: (Disable the button and show the error info)

![image](https://github.com/go-gitea/gitea/assets/18380374/a7e4c315-67ab-408b-88f2-c554076ce87a)
2023-07-14 15:56:20 +08:00
yp05327 61c9268c56
Fix wrong usage of PathEscapeSegments in branch list page (#25864)
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/21ce7bfa-36f7-4125-9a66-d644400916a8)

emmm, don't know how to write a good title to describe this issue.
If you have a good idea, I can change the title.

The fix code is copied from L122. Not sure it is right or not.

@lunny 
Maybe `DefaultBranchBranch` is also a typo?
Two `Branch` in the variable name.
2023-07-14 06:08:38 +00:00
hiifong 4628aa5251
fix incorrect repo url when changed the case of ownername (#25733)
When only the case of the username changes and the new username is
consistent with the lowercase username of the old user name, update the
owner name of the repo, and keep the original logic consistent with
other conditions.

example: your username is `gitea`, lowercase username is `gitea`, repo
url is `.../gitea/{repo}`, you changed username to `Gitea` or `GiTea` or
other, but the lowercase username is still `gitea`, the repo url is
still `.../gitea/{repo}`.

This PR fixed it, keep username and repo url consistent.

Before:

![image](https://github.com/go-gitea/gitea/assets/89133723/84177296-f0ff-4176-84f1-1f9ec3f5b86f)

![image](https://github.com/go-gitea/gitea/assets/89133723/8f8f4a12-ecdd-4dec-af89-85c009b0ccfe)


After: 

![image](https://github.com/go-gitea/gitea/assets/89133723/0564edb6-9467-405a-8cd4-d6f70e6f614b)

![image](https://github.com/go-gitea/gitea/assets/89133723/554ecd6e-e5a1-43bc-a46d-99e988c2ff58)
2023-07-14 13:42:10 +08:00
harryzcy c5e187c389
Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
sebastian-sauer b81c013057
Don't stack PR tab menu on small screens (#25789)
the stacking takes up screen space - display the tabs as the navigation
bar. github uses the same layout.

Screenshots (left before, right after):


![image](https://github.com/go-gitea/gitea/assets/1135157/d7e2aaec-c67b-403d-8d56-d4c824b04eed)
![image](https://github.com/go-gitea/gitea/assets/1135157/9e150881-c265-4074-afd7-407bb52e1934)

Large screen:


![image](https://github.com/go-gitea/gitea/assets/1135157/d5cbdaa3-2962-4c4f-9595-5938981ff99e)
2023-07-14 01:54:20 +00:00
M Hickford e53390d88f
Link to list of vulnerabilities (#25872) 2023-07-14 01:26:54 +00:00
GiteaBot d1f30f2185 [skip ci] Updated translations via Crowdin 2023-07-14 00:31:01 +00:00
Denys Konovalov eec45b43db
move issue filters to shared template (#25729)
Issue filters are being used on repo list page and on milestone issues
page, and the code is mostly duplicated.

This PR does the following changes:
- move issue filters into a shared template
- allow filtering milestone issues by project, so no need to hide this
filter on milestone issues page
- remove some dead code (e. g. issue actions in milestone issues
template)
- fix label filter dropdown width

---------

Co-authored-by: 6543 <6543@obermui.de>
2023-07-13 20:00:38 +00:00
GiteaBot ef90fdbd1d [skip ci] Updated translations via Crowdin 2023-07-13 00:29:39 +00:00
Jason Song aee14b9c0b
Remove git.FileBlame (#25841)
The `FileBlame` function looks strange, it has `revision` as argument
but doesn't use it.

Since the function is never used, I think we could just remove it.

If anyone thinks it should be kept, please help fix `revision`.

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-12 19:07:29 +02:00
yp05327 8b89563bf1
Fix empty project displayed in issue sidebar (#25802)
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/1ab476dc-2f9b-4c85-9e87-105fc73af1ee)
After:

![image](https://github.com/go-gitea/gitea/assets/18380374/786f984d-5c27-4eff-b3d9-159f68034ce4)

This issue comes from the change in #25468.
`LoadProject` will always return at least one record, so we use
`ProjectID` to check whether an issue is linked to a project in the old
code.
As other `issue.LoadXXX` functions, we need to check the return value
from `xorm.Session.Get`.

In recent unit tests, we only test `issueList.LoadAttributes()` but
don't test `issue.LoadAttributes()`. So I added a new test for
`issue.LoadAttributes()` in this PR.

---------

Co-authored-by: Denys Konovalov <privat@denyskon.de>
2023-07-12 16:10:35 +02:00
HesterG b137a03297
Update blog links (#25843)
As title. Permalinks for the latest version of the blog have changed, update the
blog links.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-12 11:35:07 +00:00
puni9869 4744cb32e2
Fix margin on the new/edit milestone page (#25801)
There is some distortion in desktop and mobile ui for new/edit milestone
page.
Fixing the new/edit milestone page for desktop and mobile ui

Design background
https://uxplanet.org/primary-secondary-action-buttons-c16df9b36150
https://balsamiq.com/learn/articles/button-design-best-practices/


<details>
  <summary>Screen shots</summary>
  
Before:

![image](https://github.com/go-gitea/gitea/assets/80308335/c8627679-da2d-465f-bc8f-978d7b836919)

![image](https://github.com/go-gitea/gitea/assets/80308335/43b54599-2856-440a-a13c-08bb3cedf35c)

After

![image](https://github.com/go-gitea/gitea/assets/80308335/85ca3d32-4842-41bc-8647-aa4222b9cc06)

![image](https://github.com/go-gitea/gitea/assets/80308335/c00e87c4-e64e-4b18-aa42-d26c3942a21b)

</details>

---------

Co-authored-by: Denys Konovalov <privat@denyskon.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-12 10:36:56 +00:00
wxiaoguang 22eeede885
Do not "guess" the file encoding/BOM when using API to upload files (#25828)
Related issue: #18368

It doesn't seem right to "guess" the file encoding/BOM when using API to
upload files.

The API should save the uploaded content as-is.
2023-07-12 09:58:27 +00:00
GiteaBot d1e066f5d6 [skip ci] Updated translations via Crowdin 2023-07-12 00:32:23 +00:00
wxiaoguang cee352bb38
Show correct SSL Mode on "install page" (#25818) 2023-07-11 18:09:23 -04:00
yp05327 44572e9243
Fix incorrect oldest sort in project list (#25806)
sort type `oldest` should be `Asc`.
Added a test for this.
2023-07-11 20:47:50 +02:00
caicandong 491cc06ffe
Fix the error message when the token is incorrect (#25701)
we refactored `userIDFromToken` for the token parsing part into a new
function `parseToken`. `parseToken` returns the string `token` from
request, and a boolean `ok` representing whether the token exists or
not. So we can distinguish between token non-existence and token
inconsistency in the `verfity` function, thus solving the problem of no
proper error message when the token is inconsistent.
close #24439  
related #22119

---------

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-11 10:04:28 +08:00
Lunny Xiao 2f31d2d56c
Exclude default branch from pushed branch hint (#25795)
When pushing to default branch, no pushing hint should be prompted.
Fix #25778

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-10 11:18:55 +00:00
Lunny Xiao 0fd1672ae4
For API attachments, use API URL (#25639)
Fix #25257

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-10 09:31:19 +00:00
wxiaoguang 5489962aac
Fix WORK_DIR for docker (root) image (#25738)
Fix #25726 

#17846 chose an incorrect WORK_DIR path for docker root image.

Gitea's work-path was already used as the base path for various paths
(like AppDataPath), so, the work-path should be mounted to a volume in a
docker image.

Now, for docker root image, it's unavoidable to mix the
WorkPath/CustomPath/AppDataPath in the same directory ("/data/gitea"),
because some of them have already been mixed.

Some directories in the screenshot are for "CustomPath" , while others
are for "AppDataPath", due to the technical debts in old code:

```
CUSTOM_PATH="/data/gitea"
APP_DATA_PATH = /data/gitea
```

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/9f0648ac-f731-4a08-9f26-1af01a1824b1)

</details>


This PR is breaking but this is the only way at the moment to avoid
users losing their data accidentally

Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-10 08:26:07 +00:00