Commit graph

818 commits

Author SHA1 Message Date
Giteabot f890856cf4
Update path related documents (#25417) (#25982)
Backport #25417 by @wxiaoguang

Update WorkPath/WORK_PATH related documents, remove out-dated
information.

Remove "StaticRootPath" on the admin config display page, because few
end user really need it, it only causes misconfiguration.

![image](https://github.com/go-gitea/gitea/assets/2114189/8095afa4-da76-436b-9e89-2a92c229c01d)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ee47face12)
2023-07-24 07:58:56 +02:00
Giteabot 16102d3787
Ignore runs-on with expressions when warning no matched runners (#25917) (#25933)
Backport #25917 by @wolfogre

Fix #25905

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit b7d054e4b5)
2023-07-24 07:58:56 +02:00
Giteabot 27a40aeb6b
Avoid opening/closing PRs which are already merged (#25883) (#25903)
Backport #25883 by @yp05327

We can select PRs to open/close them by one click, but we forgot to
check whether it is merged.
You can get an opening merged PR:

![image](https://github.com/go-gitea/gitea/assets/18380374/22c2e747-4bb9-4742-a9aa-ef39d5308bc5)

You can confirm this in:
https://try.gitea.io/yp05327/testrepo/pulls/5

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 9159964ada)
2023-07-24 07:58:56 +02:00
Giteabot 61c6814c15
Fix incorrect milestone count when provide a keyword (#25880) (#25904)
Backport #25880 by @yp05327

You can confirm this issue in:
https://try.gitea.io/yp05327/testrepo/milestones?state=open&q=a
There's no milestone, but the count is 1.

![image](https://github.com/go-gitea/gitea/assets/18380374/25e58cee-aeeb-43c1-8ec8-6e2ec6bf1284)

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 36b9a86bd8)
2023-07-24 07:58:50 +02:00
Earl Warren 1371196064
Merge remote-tracking branch 'forgejo/v1.20/forgejo-moderation' into v1.20/forgejo 2023-07-17 08:01:23 +02:00
Gusted 73776d6195
[MODERATION] add user blocking API
- Follow up for: #540, #802
- Add API routes for user blocking from user and organization
perspective.
- The new routes have integration testing.
- The new model functions have unit tests.
- Actually quite boring to write and to read this pull request.

(cherry picked from commit f3afaf15c7)
(cherry picked from commit 6d754db3e5)
(cherry picked from commit d0fc8bc9d3)
(cherry picked from commit 9a53b0d1a0)
(cherry picked from commit 44a2a4fd48)
(cherry picked from commit 182025db9c)
(cherry picked from commit 558a35963e)
2023-07-17 00:26:42 +02:00
Gusted cdf6318f51
[MODERATION] organization blocking a user (#802)
- Resolves #476
- Follow up for: #540
- Ensure that the doer and blocked person cannot follow each other.
- Ensure that the block person cannot watch doer's repositories.
- Add unblock button to the blocked user list.
- Add blocked since information to the blocked user list.
- Add extra testing to moderation code.
- Blocked user will unwatch doer's owned repository upon blocking.
- Add flash messages to let the user know the block/unblock action was successful.
- Add "You haven't blocked any users" message.
- Add organization blocking a user.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/802
(cherry picked from commit 0505a10421)
(cherry picked from commit 37b4e6ef9b)
(cherry picked from commit 217475385a)
(cherry picked from commit f2c38ce5c2)
(cherry picked from commit 1edfb68137)
(cherry picked from commit 2cbc12dc74)
(cherry picked from commit 79ff020f18)
2023-07-17 00:26:42 +02:00
Gusted dc9499bdf9
[MODERATION] user blocking
- Add the ability to block a user via their profile page.
- This will unstar their repositories and visa versa.
- Blocked users cannot create issues or pull requests on your the doer's repositories (mind that this is not the case for organizations).
- Blocked users cannot comment on the doer's opened issues or pull requests.
- Blocked users cannot add reactions to doer's comments.
- Blocked users cannot cause a notification trough mentioning the doer.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/540
(cherry picked from commit 687d852480)
(cherry picked from commit 0c32a4fde5)
(cherry picked from commit 1791130e3c)
(cherry picked from commit 00f411819f)
(cherry picked from commit e0c039b0e8)
(cherry picked from commit b5a058ef00)
(cherry picked from commit 5ff5460d28)
(cherry picked from commit 97bc6e619d)
2023-07-17 00:26:42 +02:00
Earl Warren 02ba08ca84
[BRANDING] define the forgejo webhook type
templates/swagger/v1_json.tmpl updated with `make generate-swagger`

(cherry picked from commit 88899c492e)
(cherry picked from commit 7171bd9617)
(cherry picked from commit 1a742446c1)
(cherry picked from commit d7c189d7b2)

Conflicts:
	routers/web/web.go
(cherry picked from commit cbdea868e4)
(cherry picked from commit 6cd150483b)
(cherry picked from commit 47246da8d3)
(cherry picked from commit f2aa0e6b76)
(cherry picked from commit 5a4fc69a16)
(cherry picked from commit 48e444ca09)
(cherry picked from commit 888e537811)
(cherry picked from commit 5121f493c9)
(cherry picked from commit 9394e55fdf)
(cherry picked from commit 3a2ce51768)
(cherry picked from commit 719ead3a65)
(cherry picked from commit 83e6f82e2a)
(cherry picked from commit 494a429b21)
(cherry picked from commit d30c90c0ab)
(cherry picked from commit 3c83b325c4)
(cherry picked from commit 470bffae63)
(cherry picked from commit 1d65921719)
(cherry picked from commit c101c2e0b9)
2023-07-17 00:25:56 +02:00
Earl Warren fb52adb57b
[API] Forgejo API /api/forgejo/v1
(cherry picked from commit 20b5669269)
(cherry picked from commit 1574643a6a)

Update semantic version according to specification

(cherry picked from commit 22510f4130)

Mise à jour de 'Makefile'

(cherry picked from commit c3d85d8409)
(cherry picked from commit 5ea2309851)
(cherry picked from commit ec5217b9d1)
(cherry picked from commit 14f08e364b)
(cherry picked from commit b4465c67b8)

[API] [SEMVER] replace number with version

(cherry picked from commit fba48e6497)
(cherry picked from commit 532ec5d878)

[API] [SEMVER] [v1.20] less is replaced by css

(cherry picked from commit 01ca3a4f42)
(cherry picked from commit 1d928c3ab2)
(cherry picked from commit a39dc804cd)

Conflicts:
	webpack.config.js
(cherry picked from commit adc68578b3)
(cherry picked from commit 9b8d98475f)
(cherry picked from commit 2516103974)
(cherry picked from commit 18e6287963)
(cherry picked from commit e9694e67ab)
(cherry picked from commit a9763edaf0)
(cherry picked from commit e2b550f4fb)
(cherry picked from commit 2edac36701)

[API] Forgejo API /api/forgejo/v1 (squash)

Update semver as v1.20 is entering release candidate mode

(cherry picked from commit 4995098ec3)
(cherry picked from commit 3dd6f2862e)
(cherry picked from commit e8192737ef)
(cherry picked from commit 7b1245cc70)
(cherry picked from commit 4d7cd59703)
(cherry picked from commit 7a7a293dbd)
2023-07-16 23:44:22 +02:00
Giteabot de8127e78b
fix incorrect repo url when changed the case of ownername (#25733) (#25881)
Backport #25733 by @hiifong

When only the casing of the username changes, update the owner name of the repo,
and keep the original logic consistent with other conditions.

example: assume your username is `gitea`, lowercase username is `gitea` too,
repo URL is `.../gitea/{repo}`.
You change your username to `Gitea`, `GiTea` or something like that,
as long as the lowercase username is still `gitea`, the repo URL remained `.../gitea/{repo}`.

this pr keeps the new username consistent with the repo URL.

Before:

![image](https://github.com/go-gitea/gitea/assets/89133723/84177296-f0ff-4176-84f1-1f9ec3f5b86f)
![image](https://github.com/go-gitea/gitea/assets/89133723/8f8f4a12-ecdd-4dec-af89-85c009b0ccfe)

After: 

![image](https://github.com/go-gitea/gitea/assets/89133723/0564edb6-9467-405a-8cd4-d6f70e6f614b)
![image](https://github.com/go-gitea/gitea/assets/89133723/554ecd6e-e5a1-43bc-a46d-99e988c2ff58)

Co-authored-by: hiifong <i@hiif.ong>
2023-07-15 19:47:24 +02:00
Giteabot 026e745b9e
Fix incorrect release count (#25879) (#25887)
Backport #25879 by @yp05327

Release count is not correct:
https://try.gitea.io/yp05327/testrepo/tags

![image](https://github.com/go-gitea/gitea/assets/18380374/07f97c62-d450-4ccb-b3f2-3e0af9d9fc52)

https://try.gitea.io/yp05327/testrepo/releases

![image](https://github.com/go-gitea/gitea/assets/18380374/6f1d55a4-bb68-445d-84b9-90552a40f403)

https://try.gitea.io/yp05327/testrepo/releases/tag/testtag

![image](https://github.com/go-gitea/gitea/assets/18380374/09ab5d51-52b6-4621-a571-3100198eb260)

We already have correct release count, no need to calculate it again.

c5e187c389/modules/context/repo.go (L547)

Co-authored-by: yp05327 <576951401@qq.com>
2023-07-14 09:32:43 +00:00
Giteabot c334be8284
Fix empty project displayed in issue sidebar (#25802) (#25854)
Backport #25802 by @yp05327

You can confirm this issue in
https://try.gitea.io/yp05327/testrepo/issues/2

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/1ab476dc-2f9b-4c85-9e87-105fc73af1ee)
After:

![image](https://github.com/go-gitea/gitea/assets/18380374/786f984d-5c27-4eff-b3d9-159f68034ce4)

This issue comes from the change in #25468.
`LoadProject` will always return at least one record, so we use
`ProjectID` to check whether an issue is linked to a project in the old
code.
As other `issue.LoadXXX` functions, we need to check the return value
from `xorm.Session.Get`.

In recent unit tests, we only test `issueList.LoadAttributes()` but
don't test `issue.LoadAttributes()`. So I added a new test for
`issue.LoadAttributes()` in this PR.

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Denys Konovalov <privat@denyskon.de>
2023-07-12 19:07:03 +02:00
Giteabot 052e65e63f
Fix incorrect oldest sort in project list (#25806) (#25835)
Backport #25806 by @yp05327

sort type `oldest` should be `Asc`.
Added a test for this.

I see we have `SearchOrderBy` in db model, but we are using many
different ways to define the sort type.
~Maybe we can improve this later.~
↑ Improved in this PR

Co-authored-by: yp05327 <576951401@qq.com>
2023-07-12 13:22:17 +08:00
Giteabot 2b79d3fd52
For API attachments, use API URL (#25639) (#25814)
Backport #25639 by @lunny

Fix #25257

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-10 12:56:16 +00:00
Giteabot a5a3c81412
Fix notification list bugs (#25781) (#25787)
Backport #25781 by @wxiaoguang

Fix #25627

1. `ctx.Data["Link"]` should use relative URL but not AppURL
2. The `data-params` is incorrect because it doesn't contain "page". JS
can simply use "window.location.search" to construct the AJAX URL
3. The `data-xxx` and `id` in notification_subscriptions.tmpl were
copied&pasted, they don't have affect.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-09 19:15:00 +00:00
Giteabot 03cacf971e
Check ctx.Written() for GetActionIssue (#25698) (#25711)
Backport #25698 by @wolfogre

Fix #25697.

Just avoid panic, maybe there's another bug to trigger this case.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-07-06 21:04:26 +02:00
Giteabot 04eea29ecb
Fix tags header and pretty format numbers (#25624) (#25694)
Backport #25624 by @lunny

This casused by #23465

Before

release disabled
<img width="1320" alt="图片"
src="https://github.com/go-gitea/gitea/assets/81045/190a1c81-daa5-41bc-91ac-c9a0bf629b5f">

release enabled
<img width="1320" alt="图片"
src="https://github.com/go-gitea/gitea/assets/81045/a0372c31-727c-4ee0-a6b9-30e502498d90">

After

release disabled
<img width="1304" alt="图片"
src="https://github.com/go-gitea/gitea/assets/81045/a747ea80-a3d9-4792-8f6d-e8955da78b9e">

release enabled
<img width="1290" alt="图片"
src="https://github.com/go-gitea/gitea/assets/81045/7c0bc43a-9149-4148-859d-35839aeb60ca">

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-05 07:08:16 +00:00
silverwind 24e64fe372
Replace interface{} with any (#25686) (#25687)
Same perl replacement as https://github.com/go-gitea/gitea/pull/25686
but for 1.20 to ease future backporting.
2023-07-04 23:41:32 -04:00
Giteabot 5510ed34f1
Fix the nil pointer when assigning issues to projects (#25665) (#25677)
Backport #25665 by @Zettat123

Fixes #25649
Caused by #25468

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-07-04 10:59:01 +00:00
Giteabot 69bdcf41f3
Log the real reason when authentication fails (but don't show the user) (#25414) (#25660)
Backport #25414 by @lunny

Fix #24498

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-03 19:26:36 -04:00
wxiaoguang f51c8e0008
Make "cancel" buttons have proper type in modal forms (#25618) (#25641)
Replace #25446, fix #25438

All "cancel" buttons which do not have "type" should not submit the
form, should not be triggered by "Enter".

This is a complete fix for all modal dialogs.

The major change is "modules/aria/modal.js", "devtest" related code is
for demo/test purpose.
2023-07-03 17:09:38 +08:00
KN4CK3R c27a3af728
Redirect to package after version deletion (#25594) (#25599)
Related #25559

Current behaviour:
1. Deletion of a package version
2. Redirect to the owners package list

New behaviour:
1. Deletion of a package version
2.1. If there are more versions available, redirect to the package again
2.2. If there are no versions available, redirect to the owners package
list
2023-06-30 00:14:57 +02:00
Giteabot 9bbb4d8d6d
Improve loadprojects for issue list (#25468) (#25493) 2023-06-26 02:06:58 +00:00
Giteabot 51789ba12d
Improve wiki sidebar and TOC (#25460) (#25477)
Backport #25460 by @wxiaoguang

Close #20976
Close #20975

1. Fix the bug: the TOC in footer was incorrectly rendered as main
content's TOC
2. Fix the layout: on mobile, the TOC is put above the main content,
while the sidebar is put below the main content
3. Auto collapse the TOC on mobile

ps: many styles of "wiki.css" are moved from old css files, so leave
nits to following PRs.

### for desktop


![image](https://github.com/go-gitea/gitea/assets/2114189/6c84201c-0648-465a-99e6-c53cdaee53c0)

### for mobile


![image](https://github.com/go-gitea/gitea/assets/2114189/9cb4fdfe-b6ab-4e6f-ae82-219ddb8fa27e)

### other changed pages

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/ef077736-2c3e-4e3d-82fe-d9bf1ebcca98)


![image](https://github.com/go-gitea/gitea/assets/2114189/bb528429-ad5f-4258-a5c4-05f997c624ea)

</details>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-24 10:16:15 +08:00
wxiaoguang 061b68e995
Refactor path & config system (#25330) (#25416)
Backport #25330

# The problem

There were many "path tricks":

* By default, Gitea uses its program directory as its work path
* Gitea tries to use the "work path" to guess its "custom path" and
"custom conf (app.ini)"
* Users might want to use other directories as work path
* The non-default work path should be passed to Gitea by GITEA_WORK_DIR
or "--work-path"
* But some Gitea processes are started without these values
    * The "serv" process started by OpenSSH server
    * The CLI sub-commands started by site admin
* The paths are guessed by SetCustomPathAndConf again and again
* The default values of "work path / custom path / custom conf" can be
changed when compiling

# The solution

* Use `InitWorkPathAndCommonConfig` to handle these path tricks, and use
test code to cover its behaviors.
* When Gitea's web server runs, write the WORK_PATH to "app.ini", this
value must be the most correct one, because if this value is not right,
users would find that the web UI doesn't work and then they should be
able to fix it.
* Then all other sub-commands can use the WORK_PATH in app.ini to
initialize their paths.
* By the way, when Gitea starts for git protocol, it shouldn't output
any log, otherwise the git protocol gets broken and client blocks
forever.

The "work path" priority is: WORK_PATH in app.ini > cmd arg --work-path
> env var GITEA_WORK_DIR > builtin default

The "app.ini" searching order is: cmd arg --config > cmd arg "work path
/ custom path" > env var "work path / custom path" > builtin default


## ⚠️ BREAKING

If your instance's "work path / custom path / custom conf" doesn't meet
the requirements (eg: work path must be absolute), Gitea will report a
fatal error and exit. You need to set these values according to the
error log.
2023-06-22 16:27:18 +00:00
Giteabot 203fe2841d
Fix Permission in API returned repository struct (#25388) (#25441)
Backport #25388 by @wolfogre

The old code generates `structs.Repository.Permissions` with only
`access.Permission.AccessMode`, however, it should check the units too,
or the value could be incorrect. For example,
`structs.Repository.Permissions.Push` could be false even the doer has
write access to code unit.

Should fix
https://github.com/renovatebot/renovate/issues/14059#issuecomment-1047961128
(Not reported by it, I just found it when I was looking into this bug)

---

Review tips:

The major changes are
- `modules/structs/repo.go`
https://github.com/go-gitea/gitea/pull/25388/files#diff-870406f6857117f8b03611c43fca0ab9ed6d6e76a2d0069a7c1f17e8fa9092f7
- `services/convert/repository.go`
https://github.com/go-gitea/gitea/pull/25388/files#diff-7736f6d2ae894c9edb7729a80ab89aa183b888a26a811a0c1fdebd18726a7101

And other changes are passive.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-06-22 17:01:42 +02:00
sebastian-sauer 30a783879f
Show outdated comments in files changed tab (#24936) (#25428)
Backport #24936

If enabled show a clickable label in the comment. A click on the label
opens the Conversation tab with the comment focussed - there you're able
to view the old diff (or original diff the comment was created on).

**Screenshots**


![image](https://github.com/go-gitea/gitea/assets/1135157/63ab9571-a9ee-4900-9f02-94ab0095f9e7)


![image](https://github.com/go-gitea/gitea/assets/1135157/78f7c225-8d76-46f5-acfd-9b8aab988a6c)

When resolved and outdated:


![image](https://github.com/go-gitea/gitea/assets/1135157/6ece9ebd-c792-4aa5-9c35-628694e9d093)

Option to enable/disable this (stored in user settings - default is
disabled):


![image](https://github.com/go-gitea/gitea/assets/1135157/ed99dfe4-76dc-4c12-bd96-e7e62da50ab5)


![image](https://github.com/go-gitea/gitea/assets/1135157/e837a052-e92e-4a28-906d-9db5bacf93a6)

fixes #24913

Co-authored-by: silverwind <me@silverwind.io>
2023-06-22 08:34:42 +00:00
Giteabot 4908cc9adf
Fix blank dir message when uploading files from web editor (#25391) (#25400)
Backport #25391 by @lunny

Fix #7883

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-06-20 20:28:52 +00:00
Giteabot e5422db5c7
Show if File is Executable (#25287) (#25300)
Backport #25287 by @JakobDev

This simply shows if a File has the executable Permission


![grafik](https://github.com/go-gitea/gitea/assets/15185051/1d50c105-6d55-4ecc-808a-c9cd5559d238)

Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-16 09:29:26 +00:00
Giteabot b45ea0280b
Show OAuth2 errors to end users (#25261) (#25271)
Backport #25261 by @wxiaoguang

Partially fix #23936


![image](https://github.com/go-gitea/gitea/assets/2114189/8aa7f3ad-a5f0-42ce-a478-289a03bd08a3)


![image](https://github.com/go-gitea/gitea/assets/2114189/bb901e7d-485a-47a5-b68d-9ebe7013a6b2)


![image](https://github.com/go-gitea/gitea/assets/2114189/9a1ce0f3-f011-4baf-8e2f-cc6304bc9703)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-15 02:48:36 +00:00
yp05327 d686aa0d31
Fix profile render when the README.md size is larger than 1024 bytes (#25270)
Backport #25131
2023-06-15 01:39:34 +00:00
Giteabot 21cd5c2f3d
Fix all possible setting error related storages and added some tests (#23911) (#25244)
Backport #23911 by @lunny

Follow up #22405

Fix #20703 

This PR rewrites storage configuration read sequences with some breaks
and tests. It becomes more strict than before and also fixed some
inherit problems.

- Move storage's MinioConfig struct into setting, so after the
configuration loading, the values will be stored into the struct but not
still on some section.
- All storages configurations should be stored on one section,
configuration items cannot be overrided by multiple sections. The
prioioty of configuration is `[attachment]` > `[storage.attachments]` |
`[storage.customized]` > `[storage]` > `default`
- For extra override configuration items, currently are `SERVE_DIRECT`,
`MINIO_BASE_PATH`, `MINIO_BUCKET`, which could be configured in another
section. The prioioty of the override configuration is `[attachment]` >
`[storage.attachments]` > `default`.
- Add more tests for storages configurations.
- Update the storage documentations.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-14 08:36:52 +02:00
Giteabot de1d14590d
Fix bug for code search if code is disabled (#25173) (#25181)
Backport #25173 by @lunny

Fix https://github.com/go-gitea/gitea/pull/24189/files#r1224144768

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-06-09 19:32:55 +00:00
Giteabot 1cc63ade82
Fix MilestoneIDs when querying issues (#25125) (#25141)
Backport #25125 by @Zettat123

Fix #25114

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-06-08 11:03:53 +02:00
zeripath 036fb7861f
Clean up WebAuthn javascript code and remove JQuery code (#22697)
There were several issues with the WebAuthn registration and testing
code and the style
was very old javascript with jquery callbacks.

This PR uses async and fetch to replace the JQuery code.

Ref #22651

Signed-off-by: Andrew Thornton <art27@cantab.net>

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-06 13:29:37 +08:00
Denys Konovalov ca35dec18b
Add ability to set multiple redirect URIs in OAuth application UI (#25072)
OAuth applications can already have multiple redirect URIs if
created/edited over API.

This change allows for setting multiple redirect URIs through the UI as
a comma-separated list (e. g.
`https://example.org/redirect,https://redirect.example.org`)

<details>
<summary>Screenshots</summary>

![Bildschirmfoto vom 2023-06-04
17-14-40](https://github.com/go-gitea/gitea/assets/47871822/2206dc32-e7e4-4953-9ecb-e098890b3f54)
![Bildschirmfoto vom 2023-06-04
17-14-50](https://github.com/go-gitea/gitea/assets/47871822/cd97c73c-9310-44ee-a83a-b927a1ef94da)

</details>

Closes #25068
2023-06-05 15:00:12 +08:00
Jack Hay 18de83b2a3
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
    - `activitypub`
    - `admin` (hidden if user is not a site admin)
    - `misc`
    - `notification`
    - `organization`
    - `package`
    - `issue`
    - `repository`
    - `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
  -  `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
  - `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection

### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">

## tokenRequiresScopes  Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error

## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
   -  _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
   - _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
   - _This should be addressed in this PR_
   - For example: 
   ```go
	m.Group("/users/{username}/orgs", func() {
		m.Get("", reqToken(), org.ListUserOrgs)
		m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
   ```

## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default

Closes #24501
Closes #24799

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 20:57:16 +02:00
wxiaoguang 520eb57d76
Use a separate admin page to show global stats, remove actions stat (#25062)
Before, Gitea shows the database table stats on the `admin dashboard`
page.

It has some problems:

* `count(*)` is quite heavy. If tables have many records, this blocks
loading the admin page blocks for a long time
* Some users had even reported issues that they can't visit their admin
page because this page causes blocking or `50x error (reverse proxy
timeout)`
* The `actions` stat is not useful. The table is simply too large. Does
it really matter if it contains 1,000,000 rows or 9,999,999 rows?
* The translation `admin.dashboard.statistic_info` is difficult to
maintain.

So, this PR uses a separate page to show the stats and removes the
`actions` stat.


![image](https://github.com/go-gitea/gitea/assets/2114189/babf7c61-b93b-4a62-bfaa-22983636427e)

## ⚠️ BREAKING

The `actions` Prometheus metrics collector has been removed for the
reasons mentioned beforehand.
Please do not rely on its output anymore.
2023-06-03 22:03:41 +08:00
Denys Konovalov 7d855efb1f
Allow for PKCE flow without client secret + add docs (#25033)
The PKCE flow according to [RFC
7636](https://datatracker.ietf.org/doc/html/rfc7636) allows for secure
authorization without the requirement to provide a client secret for the
OAuth app.

It is implemented in Gitea since #5378 (v1.8.0), however without being
able to omit client secret.
Since #21316 Gitea supports setting client type at OAuth app
registration.

As public clients are already forced to use PKCE since #21316, in this
PR the client secret check is being skipped if a public client is
detected. As Gitea seems to implement PKCE authorization correctly
according to the spec, this would allow for PKCE flow without providing
a client secret.

Also add some docs for it, please check language as I'm not a native
English speaker.

Closes #17107
Closes #25047
2023-06-03 05:59:28 +02:00
Lunny Xiao 5d23c885ed
Fix users cannot visit issue attachment bug (#25019)
Caused by #24362

Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-31 19:06:17 +02:00
delvh bf27fc3596
Merge new project templates into one (#24985)
Additionally simplify the `new project` template slightly.

Review hint: Disable whitespace changes.

<details><summary>Before</summary>

## New repo project

![grafik](https://github.com/go-gitea/gitea/assets/51889757/4de977e8-3688-45cd-8832-49b001e6f249)

## Edit repo project

![grafik](https://github.com/go-gitea/gitea/assets/51889757/daaf353f-6c99-48bd-b37a-a3bc64459079)

## New user/org project

![grafik](https://github.com/go-gitea/gitea/assets/51889757/6a5a3be5-f51a-4599-b75c-7adb9710d2fa)

## Edit user/org project

![grafik](https://github.com/go-gitea/gitea/assets/51889757/a4768f49-cf46-4773-8a0f-54dfdcc1c1b8)
</details>

<details><summary>After</summary>

## New repo project

![grafik](https://github.com/go-gitea/gitea/assets/51889757/3d0ac8a0-850a-4743-963c-71c66ef38d07)

## Edit repo project

![grafik](https://github.com/go-gitea/gitea/assets/51889757/6b86a1cd-e360-4a9b-aaf7-af032d0d991a)

## New user/org project

![grafik](https://github.com/go-gitea/gitea/assets/51889757/a7b0964c-e4c7-4924-842a-52a58499bc36)

## Edit user/org project

![grafik](https://github.com/go-gitea/gitea/assets/51889757/0fbc5605-afee-49bd-a44a-8646f8c55681)
</details>

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-31 08:50:18 +02:00
HesterG 28a89e360f
Add user level action runners (#24995)
Used similar logic to organization.

<img width="1437" alt="Screen Shot 2023-05-30 at 10 18 06"
src="https://github.com/go-gitea/gitea/assets/17645053/49f3800a-44ae-4188-b1e6-91d49e3d7868">

<img width="1331" alt="Screen Shot 2023-05-30 at 10 31 18"
src="https://github.com/go-gitea/gitea/assets/17645053/221b2068-e9b9-4e34-bb4a-d390594b2f35">
2023-05-31 09:39:54 +08:00
JakobDev 1b115296d3
Followup to pinned Issues (#24945)
This addressees some things from #24406 that came up after the PR was
merged. Mostly from @delvh.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
2023-05-30 15:26:51 +00:00
Panagiotis "Ivory" Vasilopoulos 35ce7ca25b
Hide 'Mirror Settings' when unneeded, improve hints (#24433)
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-29 11:32:52 +00:00
Denys Konovalov 275d4b7e3f
API endpoint for changing/creating/deleting multiple files (#24887)
This PR creates an API endpoint for creating/updating/deleting multiple
files in one API call similar to the solution provided by
[GitLab](https://docs.gitlab.com/ee/api/commits.html#create-a-commit-with-multiple-files-and-actions).

To archive this, the CreateOrUpdateRepoFile and DeleteRepoFIle functions
in files service are unified into one function supporting multiple files
and actions.

Resolves #14619
2023-05-29 17:41:35 +08:00
Zettat123 28077e66c0
Add step start time to ViewStepLog (#24980)
Part of #24876

According to
https://github.com/go-gitea/gitea/pull/24876#discussion_r1205565622 , we
need the start time of the step to get the log time offset.
2023-05-29 08:18:36 +00:00
JakobDev 85fa954a38
Improve some Forms (#24878)
Don't really know a better name for this. I've gone through some Forms
and added missing HTML attributes (mostly `maxlength`). I tried to fill
the Forms with dummy Data and see if Gitea throws a Error (e.g. maximum
length). If yes, I added the missing HTML attribute.

While working on this, I discovered that the Form to add OAuth2 Apps
just silently fails when filled with invalid data, so I fixed that too.
2023-05-26 09:42:54 +00:00
wxiaoguang 18f26cfbf7
Improve queue and logger context (#24924)
Before there was a "graceful function": RunWithShutdownFns, it's mainly
for some modules which doesn't support context.

The old queue system doesn't work well with context, so the old queues
need it.

After the queue refactoring, the new queue works with context well, so,
use Golang context as much as possible, the `RunWithShutdownFns` could
be removed (replaced by RunWithCancel for context cancel mechanism), the
related code could be simplified.

This PR also fixes some legacy queue-init problems, eg:

* typo : archiver: "unable to create codes indexer queue" => "unable to
create repo-archive queue"
* no nil check for failed queues, which causes unfriendly panic

After this PR, many goroutines could have better display name:

![image](https://github.com/go-gitea/gitea/assets/2114189/701b2a9b-8065-4137-aeaa-0bda2b34604a)

![image](https://github.com/go-gitea/gitea/assets/2114189/f1d5f50f-0534-40f0-b0be-f2c9daa5fe92)
2023-05-26 07:31:55 +00:00
Lunny Xiao f9cfd6ce5b
Use the type RefName for all the needed places and fix pull mirror sync bugs (#24634)
This PR replaces all string refName as a type `git.RefName` to make the
code more maintainable.

Fix #15367
Replaces #23070 
It also fixed a bug that tags are not sync because `git remote --prune
origin` will not remove local tags if remote removed.

We in fact should use `git fetch --prune --tags origin` but not `git
remote update origin` to do the sync.

Some answer from ChatGPT as ref.

> If the git fetch --prune --tags command is not working as expected,
there could be a few reasons why. Here are a few things to check:
> 
>Make sure that you have the latest version of Git installed on your
system. You can check the version by running git --version in your
terminal. If you have an outdated version, try updating Git and see if
that resolves the issue.
> 
>Check that your Git repository is properly configured to track the
remote repository's tags. You can check this by running git config
--get-all remote.origin.fetch and verifying that it includes
+refs/tags/*:refs/tags/*. If it does not, you can add it by running git
config --add remote.origin.fetch "+refs/tags/*:refs/tags/*".
> 
>Verify that the tags you are trying to prune actually exist on the
remote repository. You can do this by running git ls-remote --tags
origin to list all the tags on the remote repository.
> 
>Check if any local tags have been created that match the names of tags
on the remote repository. If so, these local tags may be preventing the
git fetch --prune --tags command from working properly. You can delete
local tags using the git tag -d command.

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-05-26 01:04:48 +00:00