mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-16 03:05:09 +00:00
061b68e995
Backport #25330 # The problem There were many "path tricks": * By default, Gitea uses its program directory as its work path * Gitea tries to use the "work path" to guess its "custom path" and "custom conf (app.ini)" * Users might want to use other directories as work path * The non-default work path should be passed to Gitea by GITEA_WORK_DIR or "--work-path" * But some Gitea processes are started without these values * The "serv" process started by OpenSSH server * The CLI sub-commands started by site admin * The paths are guessed by SetCustomPathAndConf again and again * The default values of "work path / custom path / custom conf" can be changed when compiling # The solution * Use `InitWorkPathAndCommonConfig` to handle these path tricks, and use test code to cover its behaviors. * When Gitea's web server runs, write the WORK_PATH to "app.ini", this value must be the most correct one, because if this value is not right, users would find that the web UI doesn't work and then they should be able to fix it. * Then all other sub-commands can use the WORK_PATH in app.ini to initialize their paths. * By the way, when Gitea starts for git protocol, it shouldn't output any log, otherwise the git protocol gets broken and client blocks forever. The "work path" priority is: WORK_PATH in app.ini > cmd arg --work-path > env var GITEA_WORK_DIR > builtin default The "app.ini" searching order is: cmd arg --config > cmd arg "work path / custom path" > env var "work path / custom path" > builtin default ## ⚠️ BREAKING If your instance's "work path / custom path / custom conf" doesn't meet the requirements (eg: work path must be absolute), Gitea will report a fatal error and exit. You need to set these values according to the error log.
229 lines
6.9 KiB
Go
229 lines
6.9 KiB
Go
// Copyright 2014 The Gogs Authors. All rights reserved.
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package admin
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"net/url"
|
|
"strconv"
|
|
"strings"
|
|
|
|
system_model "code.gitea.io/gitea/models/system"
|
|
"code.gitea.io/gitea/modules/base"
|
|
"code.gitea.io/gitea/modules/context"
|
|
"code.gitea.io/gitea/modules/git"
|
|
"code.gitea.io/gitea/modules/json"
|
|
"code.gitea.io/gitea/modules/log"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
"code.gitea.io/gitea/modules/util"
|
|
"code.gitea.io/gitea/services/mailer"
|
|
|
|
"gitea.com/go-chi/session"
|
|
)
|
|
|
|
const tplConfig base.TplName = "admin/config"
|
|
|
|
// SendTestMail send test mail to confirm mail service is OK
|
|
func SendTestMail(ctx *context.Context) {
|
|
email := ctx.FormString("email")
|
|
// Send a test email to the user's email address and redirect back to Config
|
|
if err := mailer.SendTestMail(email); err != nil {
|
|
ctx.Flash.Error(ctx.Tr("admin.config.test_mail_failed", email, err))
|
|
} else {
|
|
ctx.Flash.Info(ctx.Tr("admin.config.test_mail_sent", email))
|
|
}
|
|
|
|
ctx.Redirect(setting.AppSubURL + "/admin/config")
|
|
}
|
|
|
|
func shadowPasswordKV(cfgItem, splitter string) string {
|
|
fields := strings.Split(cfgItem, splitter)
|
|
for i := 0; i < len(fields); i++ {
|
|
if strings.HasPrefix(fields[i], "password=") {
|
|
fields[i] = "password=******"
|
|
break
|
|
}
|
|
}
|
|
return strings.Join(fields, splitter)
|
|
}
|
|
|
|
func shadowURL(provider, cfgItem string) string {
|
|
u, err := url.Parse(cfgItem)
|
|
if err != nil {
|
|
log.Error("Shadowing Password for %v failed: %v", provider, err)
|
|
return cfgItem
|
|
}
|
|
if u.User != nil {
|
|
atIdx := strings.Index(cfgItem, "@")
|
|
if atIdx > 0 {
|
|
colonIdx := strings.LastIndex(cfgItem[:atIdx], ":")
|
|
if colonIdx > 0 {
|
|
return cfgItem[:colonIdx+1] + "******" + cfgItem[atIdx:]
|
|
}
|
|
}
|
|
}
|
|
return cfgItem
|
|
}
|
|
|
|
func shadowPassword(provider, cfgItem string) string {
|
|
switch provider {
|
|
case "redis":
|
|
return shadowPasswordKV(cfgItem, ",")
|
|
case "mysql":
|
|
// root:@tcp(localhost:3306)/macaron?charset=utf8
|
|
atIdx := strings.Index(cfgItem, "@")
|
|
if atIdx > 0 {
|
|
colonIdx := strings.Index(cfgItem[:atIdx], ":")
|
|
if colonIdx > 0 {
|
|
return cfgItem[:colonIdx+1] + "******" + cfgItem[atIdx:]
|
|
}
|
|
}
|
|
return cfgItem
|
|
case "postgres":
|
|
// user=jiahuachen dbname=macaron port=5432 sslmode=disable
|
|
if !strings.HasPrefix(cfgItem, "postgres://") {
|
|
return shadowPasswordKV(cfgItem, " ")
|
|
}
|
|
fallthrough
|
|
case "couchbase":
|
|
return shadowURL(provider, cfgItem)
|
|
// postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full
|
|
// Notice: use shadowURL
|
|
}
|
|
return cfgItem
|
|
}
|
|
|
|
// Config show admin config page
|
|
func Config(ctx *context.Context) {
|
|
ctx.Data["Title"] = ctx.Tr("admin.config")
|
|
ctx.Data["PageIsAdminConfig"] = true
|
|
|
|
systemSettings, err := system_model.GetAllSettings(ctx)
|
|
if err != nil {
|
|
ctx.ServerError("system_model.GetAllSettings", err)
|
|
return
|
|
}
|
|
|
|
// All editable settings from UI
|
|
ctx.Data["SystemSettings"] = systemSettings
|
|
ctx.PageData["adminConfigPage"] = true
|
|
|
|
ctx.Data["CustomConf"] = setting.CustomConf
|
|
ctx.Data["AppUrl"] = setting.AppURL
|
|
ctx.Data["AppBuiltWith"] = setting.AppBuiltWith
|
|
ctx.Data["Domain"] = setting.Domain
|
|
ctx.Data["OfflineMode"] = setting.OfflineMode
|
|
ctx.Data["RunUser"] = setting.RunUser
|
|
ctx.Data["RunMode"] = util.ToTitleCase(setting.RunMode)
|
|
ctx.Data["GitVersion"] = git.VersionInfo()
|
|
|
|
ctx.Data["RepoRootPath"] = setting.RepoRootPath
|
|
ctx.Data["CustomRootPath"] = setting.CustomPath
|
|
ctx.Data["StaticRootPath"] = setting.StaticRootPath
|
|
ctx.Data["LogRootPath"] = setting.Log.RootPath
|
|
ctx.Data["ScriptType"] = setting.ScriptType
|
|
ctx.Data["ReverseProxyAuthUser"] = setting.ReverseProxyAuthUser
|
|
ctx.Data["ReverseProxyAuthEmail"] = setting.ReverseProxyAuthEmail
|
|
|
|
ctx.Data["SSH"] = setting.SSH
|
|
ctx.Data["LFS"] = setting.LFS
|
|
|
|
ctx.Data["Service"] = setting.Service
|
|
ctx.Data["DbCfg"] = setting.Database
|
|
ctx.Data["Webhook"] = setting.Webhook
|
|
|
|
ctx.Data["MailerEnabled"] = false
|
|
if setting.MailService != nil {
|
|
ctx.Data["MailerEnabled"] = true
|
|
ctx.Data["Mailer"] = setting.MailService
|
|
}
|
|
|
|
ctx.Data["CacheAdapter"] = setting.CacheService.Adapter
|
|
ctx.Data["CacheInterval"] = setting.CacheService.Interval
|
|
|
|
ctx.Data["CacheConn"] = shadowPassword(setting.CacheService.Adapter, setting.CacheService.Conn)
|
|
ctx.Data["CacheItemTTL"] = setting.CacheService.TTL
|
|
|
|
sessionCfg := setting.SessionConfig
|
|
if sessionCfg.Provider == "VirtualSession" {
|
|
var realSession session.Options
|
|
if err := json.Unmarshal([]byte(sessionCfg.ProviderConfig), &realSession); err != nil {
|
|
log.Error("Unable to unmarshall session config for virtual provider config: %s\nError: %v", sessionCfg.ProviderConfig, err)
|
|
}
|
|
sessionCfg.Provider = realSession.Provider
|
|
sessionCfg.ProviderConfig = realSession.ProviderConfig
|
|
sessionCfg.CookieName = realSession.CookieName
|
|
sessionCfg.CookiePath = realSession.CookiePath
|
|
sessionCfg.Gclifetime = realSession.Gclifetime
|
|
sessionCfg.Maxlifetime = realSession.Maxlifetime
|
|
sessionCfg.Secure = realSession.Secure
|
|
sessionCfg.Domain = realSession.Domain
|
|
}
|
|
sessionCfg.ProviderConfig = shadowPassword(sessionCfg.Provider, sessionCfg.ProviderConfig)
|
|
ctx.Data["SessionConfig"] = sessionCfg
|
|
|
|
ctx.Data["Git"] = setting.Git
|
|
ctx.Data["AccessLogTemplate"] = setting.Log.AccessLogTemplate
|
|
ctx.Data["LogSQL"] = setting.Database.LogSQL
|
|
|
|
ctx.Data["Loggers"] = log.GetManager().DumpLoggers()
|
|
|
|
ctx.HTML(http.StatusOK, tplConfig)
|
|
}
|
|
|
|
func ChangeConfig(ctx *context.Context) {
|
|
key := strings.TrimSpace(ctx.FormString("key"))
|
|
if key == "" {
|
|
ctx.JSON(http.StatusOK, map[string]string{
|
|
"redirect": ctx.Req.URL.String(),
|
|
})
|
|
return
|
|
}
|
|
value := ctx.FormString("value")
|
|
version := ctx.FormInt("version")
|
|
|
|
if check, ok := changeConfigChecks[key]; ok {
|
|
if err := check(ctx, value); err != nil {
|
|
log.Warn("refused to set setting: %v", err)
|
|
ctx.JSON(http.StatusOK, map[string]string{
|
|
"err": ctx.Tr("admin.config.set_setting_failed", key),
|
|
})
|
|
return
|
|
}
|
|
}
|
|
|
|
if err := system_model.SetSetting(ctx, &system_model.Setting{
|
|
SettingKey: key,
|
|
SettingValue: value,
|
|
Version: version,
|
|
}); err != nil {
|
|
log.Error("set setting failed: %v", err)
|
|
ctx.JSON(http.StatusOK, map[string]string{
|
|
"err": ctx.Tr("admin.config.set_setting_failed", key),
|
|
})
|
|
return
|
|
}
|
|
|
|
ctx.JSON(http.StatusOK, map[string]interface{}{
|
|
"version": version + 1,
|
|
})
|
|
}
|
|
|
|
var changeConfigChecks = map[string]func(ctx *context.Context, newValue string) error{
|
|
system_model.KeyPictureDisableGravatar: func(_ *context.Context, newValue string) error {
|
|
if v, _ := strconv.ParseBool(newValue); setting.OfflineMode && !v {
|
|
return fmt.Errorf("%q should be true when OFFLINE_MODE is true", system_model.KeyPictureDisableGravatar)
|
|
}
|
|
return nil
|
|
},
|
|
system_model.KeyPictureEnableFederatedAvatar: func(_ *context.Context, newValue string) error {
|
|
if v, _ := strconv.ParseBool(newValue); setting.OfflineMode && v {
|
|
return fmt.Errorf("%q cannot be false when OFFLINE_MODE is true", system_model.KeyPictureEnableFederatedAvatar)
|
|
}
|
|
return nil
|
|
},
|
|
}
|