Commit graph

1514 commits

Author SHA1 Message Date
Gusted 1ce33aa38d
fix: extend forgejo_auth_token table
- Add a `purpose` column, this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensure they are
invalidated after their usage by deleting it from the database, this
also should help making auditing of the security code easier, as we're
no longer trying to stuff a lot of data into a HMAC construction.
-Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.
2024-11-15 10:59:36 +01:00
wxiaoguang 7e1aa8a5cd
[PORT] Refactor DateUtils and merge TimeSince (gitea#32409)
Follow #32383 and #32402

---
Conflict resolution: Magic, painful.

(cherry picked from commit b068dbd40ee3b4dc7d18cdcf168f0c24cea234c0)
2024-11-10 22:23:27 +01:00
Otto 0fb48872ac Merge pull request '[FEAT] Trim spaces from repo names on form submission' (#5822) from gusted/forgejo-trim-spaces-form into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5822
Reviewed-by: Otto <otto@codeberg.org>
2024-11-06 09:16:17 +00:00
Earl Warren 36b18fb6cc Merge pull request '[gitea] week 2024-45 cherry pick (gitea/main -> forgejo)' (#5789) from algernon/wcp/2024-45 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5789
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-06 08:57:43 +00:00
Gusted 310376525b
[CHORE] Use forked binding library
- Use the forked [binding](https://code.forgejo.org/go-chi/binding)
library. This library has two benefits, it removes the usage of
`github.com/goccy/go-json` (has no benefit as the minimo library is also
using it). It adds the `TrimSpace` feature, which will during the
binding part trim the spaces around the value it got from the form, this
is done before validation.
2024-11-05 22:47:34 +01:00
Otto f28e728317 Merge pull request '[PORT] Replace DateTime with proper functions (gitea#32402)' (#5796) from gusted/forgejo-port-dateutils into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5796
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-05 21:46:29 +00:00
Rowan Bohde befafe9a05
improve performance of diffs (#32393)
This has two major changes that significantly reduce the amount of work
done for large diffs:

* Kill a running git process when reaching the maximum number of files
in a diff, preventing it from processing the entire diff.
* When loading a diff with the URL param `file-only=true`, skip loading
stats. This speeds up loading both hidden files of a diff and sections
of a diff when clicking the "Show More" button.

A couple of minor things from profiling are also included:

* Reuse existing repo in `PrepareViewPullInfo` if head and base are the
same.

The performance impact is going to depend heavily on the individual diff
and the hardware it runs on, but when testing locally on a diff changing
100k+ lines over hundreds of files, I'm seeing a roughly 75% reduction
in time to load the result of "Show More"

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 7dcccc3bb19655a6f83dd495ffc332708d0c8678)
2024-11-05 09:39:21 +01:00
Zettat123 6b74043b85
Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32365)
Fix #28121

I did some tests and found that the `missing signature key` error is
caused by an incorrect `Content-Type` header. Gitea correctly sets the
`Content-Type` header when serving files.

348d1d0f32/routers/api/packages/container/container.go (L712-L717)
However, when `SERVE_DIRECT` is enabled, the `Content-Type` header may
be set to an incorrect value by the storage service. To fix this issue,
we can use query parameters to override response header values.

https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html
<img width="600px"
src="https://github.com/user-attachments/assets/f2ff90f0-f1df-46f9-9680-b8120222c555"
/>

In this PR, I introduced a new parameter to the `URL` method to support
additional parameters.

```
URL(path, name string, reqParams url.Values) (*url.URL, error)
```

---

Most S3-like services support specifying the content type when storing
objects. However, Gitea always use `application/octet-stream`.
Therefore, I believe we also need to improve the `Save` method to
support storing objects with the correct content type.

b7fb20e73e/modules/storage/minio.go (L214-L221)
(cherry picked from commit 0690cb076bf63f71988a709f62a9c04660b51a4f)

Conflicts:
	- modules/storage/azureblob.go
	  Dropped the change, as we do not support Azure blob storage.
	- modules/storage/helper.go
	  Resolved by adjusting their `discardStorage` to our
	  `DiscardStorage`
	- routers/api/actions/artifacts.go
	  routers/api/actions/artifactsv4.go
	  routers/web/repo/actions/view.go
	  routers/web/repo/download.go
	  Resolved the conflicts by manually adding the new `nil`
	  parameter to the `storage.Attachments.URL()` calls.

	  Originally conflicted due to differences in the if expression
	  above these calls.
2024-11-05 09:33:15 +01:00
Oleksandr Redko 4aa61601c3
refactor: remove redundant err declarations (#32381)
(cherry picked from commit f4d3aaeeb9e1b11c5495e4608a3f52f316c35758)

Conflicts:
	- modules/charset/charset_test.go
	  Resolved by manually changing a `=` to `:=`, as per the
	  original patch. Conflict was due to `require.NoError`.
2024-11-05 09:33:15 +01:00
wxiaoguang 171de4d107
[PORT] Fix git error handling (gitea#32401)
---
Conflict resolution: Trivial, for `repo_attributes.go` move where the
`IsErrCanceledOrKilled` needs to happen because of other changes that
happened in this file.

To add some words to this change: It seems to be mostly simplifying the
error handling of git operations.

(cherry picked from commit e524f63d58900557d7d57fc3bcd19d9facc8b8ee)
2024-11-03 16:47:44 +01:00
wxiaoguang f2eabf6308
[PORT] Replace DateTime with DateUtils (gitea#32383)
(cherry picked from commit fec6b3d50072e48bb51c18c5c4ea682dc6319573)
2024-11-03 16:37:01 +01:00
JakobDev 86546fe63e
feat: Add Search to Releases Page 2024-11-02 10:24:35 +01:00
Tom Neuber 68d5cf0e92
Add branch auto deletion for scheduled PRs 2024-10-31 03:49:15 +01:00
Earl Warren 485db0a3ba Merge pull request '[gitea] week 2024-44 cherry pick (gitea/main -> forgejo)' (#5714) from algernon/wcp/2024-44 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5714
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-10-29 09:05:27 +00:00
Gusted 266e0b2ce9
security: add permission check to 'delete branch after merge'
- Add a permission check that the doer has write permissions to the head
repository if the the 'delete branch after merge' is enabled when
merging a pull request.
- Unify the checks in the web and API router to `DeleteBranchAfterMerge`.
- Added integration tests.
2024-10-28 05:48:10 +01:00
Lunny Xiao 480d565944
Fix disable 2fa bug (#32320)
(cherry picked from commit 2abdbe88b5d16dcb345d27b73f1d9738f2d826dd)
2024-10-27 11:27:40 +01:00
Zettat123 8c79008d6f
Add DISABLE_ORGANIZATIONS_PAGE and DISABLE_CODE_PAGE settings for explore pages and fix an issue related to user search (#32288)
These settings can allow users to only display the repositories explore page.

Thanks to yp05327 and wxiaoguang !

---------

Co-authored-by: Giteabot <teabot@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 9206fbb55fd28f21720072fce6a36cc22277934c)

Conflicts:
	 - templates/explore/navbar.tmpl
	   Resolved by manually applying the last hunk to our template.
2024-10-27 11:27:40 +01:00
Earl Warren 0e0a153adb Merge pull request 'feat: combine review requests comments' (#5695) from gusted/forgejo-combine-request-review into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5695
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-10-27 04:49:23 +00:00
Earl Warren 2bdd7cb080 Merge pull request 'Fix boolean inputs in workflow_dispatch' (#5439) from Mai-Lapyst/forgejo:workflow_dispatch-fix-boolean-inputs into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5439
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-10-26 05:59:50 +00:00
Gusted 8fdc0a7a6c feat: combine review requests comments
- Combine review requests comments similairy how labels comments are
combined. If review requests comments were made within 60 seconds of
each other they will be grouped.
- Integration and unit test added.
- Resolves #2774
2024-10-25 22:57:32 +02:00
Gusted f4a7132a89 fix: don't show truncated comments in RSS/Atom feeds
- When a truncated comment is detected in the RSS/Atom feeds, fetch the
comment from the database and use the original content.
- Added integration test.
- Resolves #5650
2024-10-22 15:15:09 +02:00
Gusted f298bf125a Merge pull request 'fix: use ValidateEmail as binding across web forms' (#5158) from solomonv/consolidate-email-validation into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5158
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-10-21 14:31:32 +00:00
0ko 19ca039486 feat(ui): set your_repositories as the default filter for org dashboards (#5593)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5593
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
2024-10-17 13:24:41 +00:00
Gusted a857007d65
fix: Add server logging for OAuth server errors
Although an error was presented to the user about that there's an
internal server error, the error itself is never logged.

Relevant: https://codeberg.org/Codeberg/Community/issues/1675
2024-10-17 09:13:48 +02:00
Otto 1d13249e17 Merge pull request '[BUG] Don't allow owner team with incorrect unit access' (#5529) from gusted/forgejo-owners-team-description into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5529
Reviewed-by: Otto <otto@codeberg.org>
2024-10-14 19:56:58 +00:00
Earl Warren e299a7f4cd Merge pull request 'fix: don't cancel schedule workflows on push to main branch' (#5470) from Kwonunn/forgejo:dont-cancel-schedule-workflow into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5470
2024-10-13 12:06:02 +00:00
Gusted 9de9034400
[BUG] Don't allow owner team with incorrect unit access
- On editting a team, only update the units if the team isn't the
'Owners' team. Otherwise the 'Owners' team end up having all of their
unit access modes set to 'None'; because the request form doesn't send
over any units, as it's simply not shown in the UI.
- Adds a database inconstency check and fix for the case where the
'Owners' team is affected by this bug.
- Adds unit test.
- Adds integration test.
- Resolves #5528
- Regression of https://github.com/go-gitea/gitea/pull/24012
2024-10-11 14:48:47 +02:00
JakobDev 1fc5e41592 [Feat]Add link to show all Issues/PullRequests (#4125)
The Issue and PullRequest list has 3 states:
- open: This lists all open Issues/PullRequests
- closed: This lists all closed Issues/PullRequests
- all: This lists all open and closed Issues/PullRequests

If you want to get to the all state, you need to click Open while in open state or Closed while in closed state, which is very unintuitive. This PR adss a third button to get to this state.

![grafik](/attachments/4ff59e4c-e318-40f0-80ba-f921ce098919)

I'm not sure if the eye icon fits well, but I couldn't find a better one.

Tests will be added once #4124 is merged.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4125
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
2024-10-09 04:56:40 +00:00
voltagex d17db93fbf i18n: improve 'Verify' error message, stopgap for #2809 (#5479)
Signed-off-by: Adam Baxter <codeberg@voltagex.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5479
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: voltagex <voltagex@noreply.codeberg.org>
Co-committed-by: voltagex <voltagex@noreply.codeberg.org>
2024-10-07 16:11:07 +00:00
Kwonunn b20c0b1469
fix: don't cancel schedule workflows on push to main branch 2024-10-05 12:14:44 +02:00
Otto f7f7800460 Merge pull request 'feat: support regexp in git-grep search' (#4968) from yoctozepto/git-grep-regexp into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4968
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
2024-10-04 17:10:14 +00:00
Mai-Lapyst 96c4ca249a
Fix boolean inputs in workflow_dispatch; closes #5425 2024-10-01 09:22:43 +02:00
cloudchamb3r ff65d34f03
Fix Bug in Issue/pulls list (#32081)
fix #32080

## After
### for opened issues
<img width="1199" alt="Screenshot 2024-09-19 at 6 29 31 PM"
src="https://github.com/user-attachments/assets/86cf48ad-5e4b-4dcb-8abe-4d7fd74e0aec">

### for closed issues
<img width="1208" alt="Screenshot 2024-09-19 at 6 29 37 PM"
src="https://github.com/user-attachments/assets/a16bc545-bfcf-49a4-be52-3e7334910482">

### for all issues
<img width="1340" alt="Screenshot 2024-09-20 at 12 07 12 PM"
src="https://github.com/user-attachments/assets/b2309c8f-e59d-44e9-ae3b-bf54e1196169">

(cherry picked from commit e1f0598c8f5af5ac95f5e13b74fbab99506762db)
2024-09-29 10:08:30 +02:00
Lunny Xiao f709de2403
Fix wrong last modify time (#32102)
(cherry picked from commit a802508f88e546bf18990559e44bf27a09c869ee)
2024-09-27 08:42:48 +02:00
wxiaoguang 1ae3b127fc
Refactor CSRF protector (#32057)
Remove unused CSRF options, decouple "new csrf protector" and "prepare"
logic, do not redirect to home page if CSRF validation falis (it
shouldn't happen in daily usage, if it happens, redirecting to home
doesn't help either but just makes the problem more complex for "fetch")

(cherry picked from commit 1fede04b83288d8a91304a83b7601699bb5cba04)

Conflicts:
	options/locale/locale_en-US.ini
	tests/integration/repo_branch_test.go
  trivial context conflicts
2024-09-27 08:42:48 +02:00
Radosław Piliszek a98cf0e68e code-search: make linters happy again 2024-09-16 16:20:55 +02:00
Radosław Piliszek d2efdda911 ui(code-search): fix to use CodeSearchMode
Drop unused IsFuzzy and IsRegExp
2024-09-16 16:20:55 +02:00
Shiny Nematoda 663e957d3d ui(git-grep): expose regexp mode in dropdown 2024-09-16 16:20:55 +02:00
Radosław Piliszek 6d6116857c git-grep: support regexp 2024-09-16 16:20:40 +02:00
Daniel 5c7b85a981
Failed authentications are logged to level Warning (#32016)
PR for issue #31968
Replaces PR #31983 to comply with gitea's error definition

Failed authentications are now logged to level `Warning` instead of
`Info`.

(cherry picked from commit 64298dcb9e72a5a87a4680563d91fae5b90e0160)
2024-09-14 17:55:25 +02:00
Shiny Nematoda 14abf65269 feat: set created_by as the default filter for /issues and /pulls (#5286)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5286
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-09-13 12:55:39 +00:00
Denys Konovalov 8857da871e Remove urls from translations (#31950)
Part of #27700

Removes all URLs from translation strings to easy up changing them in
the future and to exclude people injecting malicious URLs through
translations. First measure as long as #24402 is out of scope.

(cherry picked from commit 83f37f630246e381eefd650fc2d4b1f3976ea882)
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>

Conflicts:
	- options/locale/locale_en-US.ini
	  Resolved by manually applying the URL->%s changes to our translations.
	- routers/web/admin/hooks.go
	  templates/repo/settings/protected_branch.tmpl
	  templates/status/500.tmpl
	  Manually resolved.
	- templates/repo/settings/webhook/settings.tmpl
	  Applied the change to templates/webhook/shared-settings.tmpl
	  instead

Additional changes: Gitea-specific URLs have been replaced by their
Forgejo counterparts, lifted from the original translation text.
2024-09-12 17:28:58 +05:00
Earl Warren abd08e6fd8 Merge pull request '[gitea] week 2024-37 cherry pick (gitea/main -> forgejo)' (#5263) from algernon/wcp/2024-37 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5263
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-09-11 10:34:35 +00:00
Shiny Nematoda 6178a46fe2 feat: set fuzzy as default for issue search (#5270)
Closes #5225

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5270
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-09-10 15:57:58 +00:00
6543 3c8eb46765
For consistency make repo search sort options case sensitive (#31951)
(cherry picked from commit 19af5344623ba999f418520fad1a3bde77980561)
2024-09-09 20:54:47 +02:00
6543 4098098f00
nix wording nit in todo code comment
(cherry picked from commit c0db47bf9b6eb59d822ad21b7dd8b1d6acd8ad8e)
2024-09-09 20:54:39 +02:00
yp05327 5a0bc35799
Fix sort order for organization home and user profile page (#31921)
Fix #31916

In #30876, `sortOrder` has been changed into a map, but it is only
implemented in explore.
~~But it seems that size sort order has no effect from long long ago,~~
not directly caused by the PR above.

I think it is still caused by #29231.
In #29231, it merged the sort orders from
`templates/explore/repo_search.tmpl` and
`templates/admin/repo/search.tmpl`.
In `templates/admin/repo/search.tmpl`, it contains size sort orders, but
not in `templates/explore/repo_search.tmpl`, which is used in non-admin
pages.
So `order by size` is added from #29231, but the handler was not added.

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 661a1e10f7abd3527d2abc027dec936022db9379)
2024-09-09 20:54:39 +02:00
Lunny Xiao 4ee3a150a3
Fix search team (#31923)
Fix #20658

(cherry picked from commit 06c67c6d5a91176fe4b87fc884c96afc7c3597fa)
2024-09-01 08:19:04 +02:00
Gusted 63736e8301
[FEAT] Add support for webauthn credential level 3
- For WebAuthn Credential level 3, the `backup_eligible` and
`backup_state` flags are checked if they are consistent with the values
given on login. Forgejo never stored this data, so add a database
migration that makes all webauthn credentials 'legacy' and on the next
first use capture the values of `backup_eligible` and `backup_state`.
As suggested in https://github.com/go-webauthn/webauthn/discussions/219#discussioncomment-10429662
- Adds unit tests.
- Add E2E test.
2024-08-29 10:05:03 +02:00
Gusted c87655b7ff Merge pull request '[CHORE] Move cache & captcha library' (#5146) from gusted/forgejo-captcha into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5146
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-29 08:02:09 +00:00