Commit graph

4184 commits

Author SHA1 Message Date
KN4CK3R bcb78e70ca
Quote table release in sql queries (#27205)
Fixes #27174

`release` is a reserved keyword in MySql. I can't reproduce the issue on
my setup and we have a test for that code but it seems there can be
setups where it fails.


a101dbaa79/tests/integration/repo_activity_test.go (L45-L46)
2023-09-23 12:57:39 +00:00
Daniel Kilimnik 0ee7cbf725
Fix push mirror, wrong timestamp format (#27153)
I noticed, that the push mirrors endpoint, is the only endpoint which
returns the times in long format rather than as time.Time().

I think the behavior should be consistent across the project.

----

## ⚠️ BREAKING ⚠️

This PR changes the time format used in API responses for all
push_mirror endpoints which return a push mirror.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-09-23 12:15:05 +00:00
wxiaoguang c0ed26f987
Remove some dead code (#27196)
Some code is not in use any more, remove them.
2023-09-22 23:30:31 +08:00
JakobDev 28f9b313ba
Updates to the API for archived repos (#27149) 2023-09-21 23:43:29 +00:00
Nanguan Lin 2f8e1604f8
Fix review request number and add more tests (#27104)
fix #27019 
## testfixture yml
1. add issue20(a pr issue) in repo 23, org 17
2. add user15 to team 9
3. add four reviews about issue20
## test case
add two tests that are described with code comments
the code before pr #26784 failed the first test
<img width="479" alt="image"
src="https://github.com/go-gitea/gitea/assets/70063547/1d9b5787-11b4-4c4d-931f-6a9869547f35">
current code failed the second test(as mentioned in #27019)
<img width="484" alt="image"
src="https://github.com/go-gitea/gitea/assets/70063547/05608055-7587-43d1-bae1-92c688270819">
Any advice is appreciated.

---------

Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-09-21 13:59:50 +02:00
Chongyi Zheng 9631958a82
Refactor lfs requests (#26783)
- Refactor lfs request code
- The original code uses `performRequest` function to create the
request, uses a callback to modify the request, and then send the
request.
- Now it's replaced with `createRequest` that only creates request and
`performRequest` that only sends the request.
- Reuse `createRequest` and `performRequest` in `http_client.go` and
`transferadapter.go`

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-09-18 08:40:50 +00:00
KN4CK3R ed64f1c2b8
Support .git-blame-ignore-revs file (#26395)
Closes #26329

This PR adds the ability to ignore revisions specified in the
`.git-blame-ignore-revs` file in the root of the repository.


![grafik](https://github.com/go-gitea/gitea/assets/1666336/9e91be0c-6e9c-431c-bbe9-5f80154251c8)

The banner is displayed in this case. I intentionally did not add a UI
way to bypass the ignore file (same behaviour as Github) but you can add
`?bypass-blame-ignore=true` to the url manually.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-09-16 17:42:34 +00:00
KN4CK3R c766140dad
Add RemoteAddress to mirrors (#26952)
This PR adds a new field `RemoteAddress` to both mirror types which
contains the sanitized remote address for easier (database) access to
that information. Will be used in the audit PR if merged.
2023-09-16 16:03:02 +00:00
JakobDev f91dbbba98
Next round of db.DefaultContext refactor (#27089)
Part of #27065
2023-09-16 14:39:12 +00:00
Nanguan Lin 7cdbe65a2c
Add tests for db indexer in indexer_test.go (#27087)
As described in the title.
Some points: 
1. Why need those tests?
Because `buildIssueOverview` is not well tested, there are several
continuous bugs in the issue overview webpage.
2. Why in indexer_test.go?
It's hard to put those tests in `./modules/indexer/issue/db/db_test.go`
because those tests need 'real' data in db mocked by fixtures instead of
random data in `./modules/indexer/issue/internal/tests`. When using
'real' data(`unittest.PrepareTestDatabase`), `InitIssueIndexer` and the
package `init()` function of `indexer` are required to init indexer.
3. Why only db?
The other three indexer engines are well tested by random data and it's
okay to also test them with 'real' data in db mocked by fixtures. Any
follow-up PR is welcome.
4. Those tests are really basic, any more complicated tests are welcome.
5. I think it's also necessary to add tests in `TestAPISearchIssues`
in`api_test_issue.go` and `TestIssues` in `home_test.go`
2023-09-16 11:15:21 +08:00
Lunny Xiao e5ec57cd60
Actions are no longer experimental, so enable them by default (#27054)
This PR makes the actions enabled by default, so people will find it
easier to enable actions in repository setting.
2023-09-15 06:43:39 +00:00
JakobDev c548dde205
More refactoring of db.DefaultContext (#27083)
Next step of #27065
2023-09-15 06:13:19 +00:00
JakobDev 76659b1114
Reduce usage of db.DefaultContext (#27073)
Part of #27065

This reduces the usage of `db.DefaultContext`. I think I've got enough
files for the first PR. When this is merged, I will continue working on
this.

Considering how many files this PR affect, I hope it won't take to long
to merge, so I don't end up in the merge conflict hell.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-09-14 17:09:32 +00:00
Nanguan Lin 0de09d3afc
Remove the useless function GetUserIssueStats and move relevant tests to indexer_test.go (#27067)
Since the issue indexer has been refactored, the issue overview webpage
is built by the `buildIssueOverview` function and underlying
`indexer.Search` function and `GetIssueStats` instead of
`GetUserIssueStats`. So the function is no longer used.
I moved the relevant tests to `indexer_test.go` and since the search
option changed from `IssueOptions` to `SearchOptions`, most of the tests
are useless now.
We need more tests about the db indexer because those tests are highly
connected with the issue overview webpage and now this page has several
bugs.
Any advice about those test cases is appreciated.

---------

Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
2023-09-14 12:35:53 -04:00
Nanguan Lin da50be7360
Replace 'userxx' with 'orgxx' in all test files when the user type is org (#27052)
Currently 'userxx' and 'orgxx' are both used as username in test files
when the user type is org, which is confusing. This PR replaces all
'userxx' with 'orgxx' when the user type is org(`user.type==1`).
Some non-trivial changes
1. Rename `user3` dir to `org3` in `tests/git-repositories-meta` 
2. Change `end` in `issue reference` because 'org3' is one char shorter
than 'user3'

![ksnip_20230913-112819](https://github.com/go-gitea/gitea/assets/70063547/442988c5-4cf4-49b8-aa01-4dd6bf0ca954)
3. Change the search result number of `user/repo2` because
`user3/repo21` can't be searched now

![ksnip_20230913-112931](https://github.com/go-gitea/gitea/assets/70063547/d9ebeba4-479f-4110-9a85-825efbc981fd)
4. Change the first org name getting from API because the result is
ordered by alphabet asc and now `org 17` is before `org25`
![JW8U7NIO(J$H
_YCRB36H)T](https://github.com/go-gitea/gitea/assets/70063547/f55a685c-cf24-40e5-a87f-3a2327319548)
![)KFD411O4I8RB5ZOH7E0
Z3](https://github.com/go-gitea/gitea/assets/70063547/a0dc3299-249c-46f6-91cb-d15d4ee88dd5)

Other modifications are just find all and replace all.
Unit tests with SQLite are all passed.

---------

Co-authored-by: caicandong <1290147055@qq.com>
2023-09-14 02:59:53 +00:00
Earl Warren 79afd280e1
fix media description render for orgmode (#26895)
- In org mode you can specify an description for media via the following
syntax `[[description][media link]]`. The description is then used as
title or alt.
- This patch fixes the rendering of the description by seperating the
description and non-description cases and using `org.String()`.
- Added unit tests.
- Inspired by
6eb20dbda9/org/html_writer.go (L406-L427)
- Resolves https://codeberg.org/Codeberg/Community/issues/848

(cherry picked from commit 8b8aab8311)

Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-09-13 05:44:59 +00:00
Nanguan Lin cda97a7253
Update status and code index after changing the default branch (#27018)
Fix #26723 
Add `ChangeDefaultBranch` to the `notifier` interface and implement it
in `indexerNotifier`. So when changing the default branch,
`indexerNotifier` sends a message to the `indexer queue` to update the
index.

---------

Co-authored-by: techknowlogick <matti@mdranta.net>
2023-09-13 04:43:31 +00:00
wxiaoguang 8ecdc93f8b
Fix object storage path handling (#27024)
Object storage path rules:

* No single `/` or `.`, use empty string for root path
* Need to use trailing `/` for a list prefix to distinguish a "dir/"
2023-09-13 01:18:52 +00:00
Earl Warren 7818121d50
S3: log human readable error on connection failure (#26856)
Should BucketExists (HeadBucket) fail because of an error related to
the connection rather than the existence of the bucket, no information
is available and the admin is left guessing.

https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html

> This action is useful to determine if a bucket exists and you have
> permission to access it. The action returns a 200 OK if the bucket
> exists and you have permission to access it.
>
> If the bucket does not exist or you do not have permission to access
> it, the HEAD request returns a generic 400 Bad Request, 403
> Forbidden or 404 Not Found code. A message body is not included, so
> you cannot determine the exception beyond these error codes.

GetBucketVersioning is used instead and exclusively dedicated to
asserting if using the connection does not return a BadRequest.
If it does the NewMinioStorage logs an error and returns. Otherwise
it keeps going knowing that BucketExists is not going to fail for
reasons unrelated to the existence of the bucket and the permissions
to access it.

(cherry picked from commit d1df4b3bc62e5e61893a923f1c4b58f084eb03af)

Refs: https://codeberg.org/forgejo/forgejo/issues/1338
2023-09-12 10:19:39 +08:00
Lunny Xiao ebff0513db
Fix context cache bug & enable context cache for dashabord commits' authors (#26991)
Unfortunately, when a system setting hasn't been stored in the database,
it cannot be cached.
Meanwhile, this PR also uses context cache for push email avatar display
which should avoid to read user table via email address again and again.

According to my local test, this should reduce dashboard elapsed time
from 150ms -> 80ms .
2023-09-11 10:14:01 +00:00
wxiaoguang 998cea5888
Use secure cookie for HTTPS sites (#26999)
If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's
default value should be true.

And, if a user visits an "http" site with "https" AppURL, they won't be
able to login, and they should have been warned. The only problem is
that the "language" can't be set either in such case, while I think it
is not a serious problem, and it could be fixed easily if needed.

![image](https://github.com/go-gitea/gitea/assets/2114189/7bc9a859-dcc1-467d-bc7c-1dd6a10389e3)
2023-09-11 17:03:51 +08:00
wxiaoguang e7745c94f8
Fix INI parsing for value with trailing slash (#26995)
Fix #26977 (a temp fix)
2023-09-10 16:15:51 +00:00
wxiaoguang 4807f7be22
Clarify the git command Stdin hanging problem (#26967) 2023-09-08 13:20:38 +00:00
zareck 4e240f2304
Expanding documentation in queue.go (#26889)
A set of terminology, along with a broader description, can help more
people engage with the Gitea queue system, providing insights and
ensuring its correct use.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-09-08 05:22:43 +00:00
Lunny Xiao 4f32abaf94
move repository deletion to service layer (#26948)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-09-08 04:51:15 +00:00
CaiCandong a78c2eae24
Replace util.SliceXxx with slices.Xxx (#26958) 2023-09-07 09:37:47 +00:00
Lunny Xiao e97e883ad5
Add reverseproxy auth for API back with default disabled (#26703)
This feature was removed by #22219 to avoid possible CSRF attack.

This PR takes reverseproxy auth for API back but with default disabled.

To prevent possbile CSRF attack, the responsibility will be the
reverseproxy but not Gitea itself.

For those want to enable this `ENABLE_REVERSE_PROXY_AUTHENTICATION_API`,
they should know what they are doing.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-09-07 08:31:46 +00:00
Lunny Xiao b9df9fa2e2
Move createrepository from module to service layer (#26927)
Repository creation depends on many models, so moving it to service
layer is better.
2023-09-06 12:08:51 +00:00
FuXiaoHei 460a2b0edf
Artifacts retention and auto clean up (#26131)
Currently, Artifact does not have an expiration and automatic cleanup
mechanism, and this feature needs to be added. It contains the following
key points:

- [x] add global artifact retention days option in config file. Default
value is 90 days.
- [x] add cron task to clean up expired artifacts. It should run once a
day.
- [x] support custom retention period from `retention-days: 5` in
`upload-artifact@v3`.
- [x] artifacts link in actions view should be non-clickable text when
expired.
2023-09-06 07:41:06 +00:00
yp05327 0850be6750
Fix the display of org level badges (#26504)
Follow #24654 #22705 #24232

In some pages we still have missing badges, for example:

![image](https://github.com/go-gitea/gitea/assets/18380374/f57fae6d-95ad-4996-8881-160c9cd27768)

![image](https://github.com/go-gitea/gitea/assets/18380374/11e86d43-b715-4d14-bdf0-51bf8b5c7b01)

![image](https://github.com/go-gitea/gitea/assets/18380374/61c514e7-d8f6-4c93-a61f-60604619e3a7)
2023-09-06 14:38:14 +08:00
Lunny Xiao 540bf9fa6d
Move notification interface to services layer (#26915)
Extract from #22266
2023-09-05 18:37:47 +00:00
Lunny Xiao f064d716c3
Move feed notification service layer (#26908)
Extract from #22266
2023-09-05 13:00:52 +00:00
Lunny Xiao 6c73c0da53
Move ui notification to service layer (#26907)
Extract from #22266
2023-09-05 11:15:42 +00:00
Lunny Xiao aa678b8098
Move indexer notification to service layer (#26906)
Extract from #22266
2023-09-05 10:07:57 +00:00
Lunny Xiao a66d883a18
Move mail notification logic to service layer (#26905)
Extract from #22266
2023-09-05 17:26:59 +08:00
wxiaoguang fc039167d2
Use Go 1.21 and update dependencies (#26878)
To make sure Gitea's next release's lifecycle could have active Golang
support.

And min/max are builtin now.
2023-09-03 10:34:57 +00:00
wxiaoguang c802c46a9b
Refactor og:description to limit the max length (#26876)
1. The `og:description` should be "a one to two sentence description of
your object"
* It shouldn't output all the user inputted content -- it would be
pretty huge.
    * Maybe it only needs at most 300 bytes.
2. Do not render commit message as HTML
2023-09-03 01:43:29 +00:00
Earl Warren 4ab8e56c91
restrict certificate type for builtin SSH server (#26789)
- While doing some sanity checks over OpenSSH's code for how they handle
certificates authentication. I stumbled on an condition that checks the
certificate type is really an user certificate on the server-side
authentication. This checks seems to be a formality and just for the
sake of good domain seperation, because an user and host certificate
don't differ in their generation, verification or flags that can be
included.
- Add this check to the builtin SSH server to stay close to the
unwritten SSH specification.
- This is an breaking change for setups where the builtin SSH server is
being used and for some reason host certificates were being used for
authentication.
- 
(cherry picked from commit de35b141b7)

Refs: https://codeberg.org/forgejo/forgejo/pulls/1172

## ⚠️ BREAKING ⚠️

Like OpenSSH, the built-in SSH server will now only accept SSH user
certificates, not server certificates.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-09-01 13:45:22 +00:00
wxiaoguang f01bed2443
Avoid double-unescaping of form value (#26853)
1. The old `prepareQueryArg` did double-unescaping of form value.
2. By the way, remove the unnecessary `ctx.Flash = ...` in
`MockContext`.

Co-authored-by: Giteabot <teabot@gitea.io>
2023-09-01 12:01:36 +00:00
wxiaoguang e8aae43f56
Move web/api context related testing function into a separate package (#26859)
Just like `models/unittest`, the testing helper functions should be in a
separate package: `contexttest`

And complete the TODO:

> // TODO: move this function to other packages, because it depends on
"models" package
2023-09-01 11:26:07 +00:00
silverwind 3d109861dd
Render code blocks in repo description (#26830)
Backtick syntax now works in repo description too. Also, I replaced the
CSS for this was a new single class, making it more flexible and not
dependent on a parent. Also, very slightly reduced font size from 16.8px
to 16px.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-31 05:01:01 +00:00
techknowlogick 45976a1bde
Check blocklist for emails when adding them to account (#26812) 2023-08-30 10:46:49 -05:00
KN4CK3R 5315153059
Use Set[Type] instead of map[Type]bool/struct{}. (#26804) 2023-08-30 06:55:25 +00:00
Chongyi Zheng ad43486cd3
Fix some slice append usages (#26778)
Co-authored-by: delvh <dev.lh@web.de>
2023-08-29 15:47:26 +00:00
Eng Zer Jun ad3cbbc3b1
Remove redundant nil check in WalkGitLog (#26773)
From the Go specification:

> "1. For a nil slice, the number of iterations is 0."
https://go.dev/ref/spec#For_range

Therefore, an additional nil check for before the loop is unnecessary.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2023-08-29 11:03:43 +00:00
yp05327 60ca3d04a4
Add fix incorrect can_create_org_repo for org owner team (#26683)
Related to: #8312 #26491

In migration v109, we only added a new column `CanCreateOrgRepo` in Team
table, but not initial the value of it.
This may cause bug like #26491.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-29 01:11:23 +00:00
Chongyi Zheng ac2f8c9ac6
Reduce some allocations in type conversion (#26772) 2023-08-29 00:43:16 +08:00
Bo-Yi Wu 8cd46024fd
refactor(API): refactor secret creation and update functionality (#26751)
According to the GitHub API Spec:
https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret

Merge the Create and Update secret into a single API.

- Remove the `CreateSecretOption` struct and replace it with
`CreateOrUpdateSecretOption` in `modules/structs/secret.go`
- Update the `CreateOrUpdateOrgSecret` function in
`routers/api/v1/org/action.go` to use `CreateOrUpdateSecretOption`
instead of `UpdateSecretOption`
- Remove the `CreateOrgSecret` function in
`routers/api/v1/org/action.go` and replace it with
`CreateOrUpdateOrgSecret`
- Update the Swagger documentation in
`routers/api/v1/swagger/options.go` and `templates/swagger/v1_json.tmpl`
to reflect the changes in the struct names and function names

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-08-28 13:08:19 +08:00
Lunny Xiao 6945918d34
Fix bug for ctx usage (#26762)
Regression from #26158

Fix #26684
2023-08-28 04:06:47 +00:00
mainboarder c533991519
Expanded minimum RSA Keylength to 3072 (#26604)
German Federal Office for Information Security requests in its technical
guideline BSI TR-02102-1 RSA Keylength not shorter than 3000bits
starting 2024, in the year 2023 3000bits as a recommendation. Gitea
should request longer RSA Keys by default in favor of security and drop
old clients which do not support longer keys.


https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=9
- Page 19, Table 1.2

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-28 00:53:16 +00:00