Commit Graph

4532 Commits

Author SHA1 Message Date
Giteabot 8eac16de21
Simplify mirror repository API logic (#30963) (#31009)
Backport #30963 by wxiaoguang

Fix #30921

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-18 08:26:20 +00:00
Giteabot 5b7e54f72f
Always load or generate oauth2 jwt secret (#30942) (#30978)
Backport #30942 by @wxiaoguang

 Fix #30923

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-14 15:00:38 +00:00
Giteabot 8393ff78fc
Protected tag is no internal server error (#30962) (#30970)
Backport #30962 by @KN4CK3R

Fixes #30959

Adds an API test for protected tags.
Fix existing tag in combination with fixtures.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-05-14 07:15:36 +00:00
Giteabot f806bbb815
Support using label names when changing issue labels (#30943) (#30958)
Backport #30943 by @Zettat123

Resolve #30917

Make the APIs for adding labels and replacing labels support both label
IDs and label names so the
[`actions/labeler`](https://github.com/actions/labeler) action can work
in Gitea.

<img width="600px"
src="https://github.com/go-gitea/gitea/assets/15528715/7835c771-f637-4c57-9ce5-e4fbf56fa0d3"
/>

Co-authored-by: Zettat123 <zettat123@gmail.com>
2024-05-13 14:28:11 +08:00
Giteabot 14dc00ae01
Move reverproxyauth before session so the header will not be ignored even if user has login (#27821) (#30948)
Backport #27821 by @lunny

When a user logout and then login another user, the reverseproxy auth
should be checked before session otherwise the old user is still login.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-05-12 10:25:55 +08:00
Giteabot b99473f4ec
Check if reverse proxy is correctly configured (#30890) (#30935)
Backport #30890 by wxiaoguang

Follow #27011
Follow #30885

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-05-10 12:34:04 +00:00
Giteabot 45475250bd
Remove deprecated stuff for runners (#30930) (#30931)
Backport #30930 by @wolfogre

It's time (maybe somewhat late) to remove some deprecated stuff for the
runner.

- `x-runner-version`: runners needn't to report version in every
request, they will call `Declare`.
- `AgentLabels`: runners will report them as `Labels`.

Co-authored-by: Jason Song <i@wolfogre.com>
2024-05-10 16:57:30 +08:00
Giteabot 2f91a461f7
Fix misspelling of mergable (#30896) (#30905)
Backport #30896 by @yp05327

https://github.com/go-gitea/gitea/pull/25812#issuecomment-2099833692
Follow #30573

Co-authored-by: yp05327 <576951401@qq.com>
2024-05-08 16:38:46 +00:00
Giteabot 084bec89ed
Fix various problems around projects board view (#30696) (#30902)
Backport #30696 by @lunny

# The problem
The previous implementation will start multiple POST requests from the
frontend when moving a column and another bug is moving the default
column will never be remembered in fact.

# What's changed

- [x] This PR will allow the default column to move to a non-first
position
- [x] And it also uses one request instead of multiple requests when
moving the columns
- [x] Use a star instead of a pin as the icon for setting the default
column action
- [x] Inserted new column will be append to the end
- [x] Fix #30701 the newly added issue will be append to the end of the
default column
- [x] Fix when deleting a column, all issues in it will be displayed
from UI but database records exist.
- [x] Add a limitation for columns in a project to 20. So the sorting
will not be overflow because it's int8.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-08 15:46:21 +00:00
Giteabot 271e8748a2
Fix wrong transfer hint (#30889) (#30900)
Backport #30889 by @lunny

Fix #30187

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-05-08 15:12:37 +00:00
Giteabot ec3f5f9992
Move database operations of merging a pull request to post receive hook and add a transaction (#30805) (#30888)
Backport #30805 by @lunny

Merging PR may fail because of various problems. The pull request may
have a dirty state because there is no transaction when merging a pull
request. ref
https://github.com/go-gitea/gitea/pull/25741#issuecomment-2074126393

This PR moves all database update operations to post-receive handler for
merging a pull request and having a database transaction. That means if
database operations fail, then the git merging will fail, the git client
will get a fail result.

There are already many tests for pull request merging, so we don't need
to add a new one.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-08 14:17:18 +00:00
wxiaoguang d4c2db39bf
Refactor AppURL usage (#30885) (#30891)
Backport #30885
Fix #30883
Fix #29591

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-05-08 13:34:43 +00:00
6543 d410e2acce
Repository explore alphabetically order respect owner name (#30882)
similar to #30784 but only for the repo explore page

is covered by #30876 for the main branch
2024-05-07 16:35:02 +00:00
wxiaoguang d5563be0ee
Make sure git version&feature are always prepared (#30877) (#30879)
Backport #30877
2024-05-07 02:07:33 +00:00
Giteabot a82e6301f7
Fix no edit history after editing issue's title and content (#30814) (#30845)
Backport #30814 by @yp05327

Fix #30807

reuse functions in services

Co-authored-by: yp05327 <576951401@qq.com>
2024-05-03 14:43:16 +00:00
Giteabot 1f9a9fab5f
Improve grep search (#30843) (#30850)
Backport #30843 by wxiaoguang

Reduce the context line number to 1, make "git grep" search respect the
include/exclude patter, and fix #30785

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-03 17:59:33 +08:00
Giteabot 7ad2d039fd
Don't only list code-enabled repositories when using repository API (#30817) (#30848)
Backport #30817 by kemzeb

We should be listing all repositories by default.

Fixes #28483.

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
2024-05-03 16:52:38 +08:00
Giteabot ab2ef1ae49
Ignore useless error message "broken pipe" (#30801) (#30842)
Backport #30801 by wxiaoguang

Fix #30792

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-03 04:20:34 +00:00
Giteabot 6d83f5eddc
Prevent automatic OAuth grants for public clients (#30790) (#30836)
Backport #30790 by archer-321

This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section
10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: Archer <archer@beezig.eu>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-02 19:06:32 +00:00
Giteabot 665a06c41f
Catch and handle unallowed file type errors in issue attachment API (#30791) (#30834)
Backport #30791 by kemzeb

Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
2024-05-03 01:45:45 +08:00
Giteabot e1a79ae0bf
Skip gzip for some well-known compressed file types (#30796) (#30813)
Backport #30796 by wxiaoguang

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-05-02 14:50:24 +08:00
Giteabot 97a7c04a8f
Fix bleve fuzziness (#30799) (#30804)
Backport #30799 by wxiaoguang

Fix #30797
Fix #30317

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-01 12:59:59 +00:00
Giteabot dc9e795ce2
Fix issue label rendering in the issue popup (#30763) (#30773)
Backport #30763 by wxiaoguang

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-30 09:40:47 +00:00
Giteabot 6edee2eca4
Rename CodeIndexerEnabled to IsRepoIndexerEnabled (#30762) (#30767)
Backport #30762 by @wxiaoguang

Fix  #30761

Most places use `IsRepoIndexerEnabled` but not `CodeIndexerEnabled`, so
it should always use `IsRepoIndexerEnabled` for consistency.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-29 21:57:48 +00:00
Giteabot 6c86034e0f
Fix all rounded borders, change affected tab menus to pills (#30707) (#30769)
Backport #30707 by @silverwind

Fixes https://github.com/go-gitea/gitea/issues/30673, all 23 issues.
Notes:

- Tab bar menus had to change to pills because of unsolvable issue with
the border-radius as tab bar renders a overlapping border onto the box
below. And I think pills look better.
- Added padding to code editor empty preview message
- Hide monaco's built-in blue focus border, we don't need it and it
never showed before either.
- Label add menu is simplified, removing the nested segment.

<img width="1322" alt="Screenshot 2024-04-25 at 22 26 19"
src="https://github.com/go-gitea/gitea/assets/115237/7e394e0c-b7ad-417d-8e9f-12f1dea93ed1">
<img width="1326" alt="Screenshot 2024-04-25 at 22 28 00"
src="https://github.com/go-gitea/gitea/assets/115237/66c8499f-aa9f-4d95-8cca-ef13dfa82c65">
<img width="997" alt="Screenshot 2024-04-25 at 22 36 53"
src="https://github.com/go-gitea/gitea/assets/115237/07896102-c71d-4246-8173-c2bc2e1d3cae">
<img width="832" alt="Screenshot 2024-04-25 at 22 56 09"
src="https://github.com/go-gitea/gitea/assets/115237/d83afc96-08ca-4adc-baf4-3d02804be57c">
<img width="361" alt="Screenshot 2024-04-25 at 22 57 12"
src="https://github.com/go-gitea/gitea/assets/115237/c7371a68-00b5-47d8-84d0-ddc5268b2b2c">

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-29 21:19:44 +00:00
wxiaoguang d07019f539
Fix nil dereference on error (#30740) (#30746)
Backport #30740 manually

Co-authored-by: Chongyi Zheng <git@zcy.dev>
2024-04-29 00:23:35 +00:00
Kemal Zebari dd301cae1c
Prevent allow/reject reviews on merged/closed PRs (#30686)
Resolves #30675.
2024-04-27 11:55:03 +00:00
silverwind 9b2536b78f
Update misspell to 0.5.1 and add `misspellings.csv` (#30573)
Misspell 0.5.0 supports passing a csv file to extend the list of
misspellings, so I added some common ones from the codebase. There is at
least one typo in a API response so we need to decided whether to revert
that and then likely remove the dict entry.
2024-04-27 08:03:49 +00:00
Bo-Yi Wu 852547d0dc
feat(api): enhance Actions Secrets Management API for repository (#30656)
- Add endpoint to list repository action secrets in API routes
- Implement `ListActionsSecrets` function to retrieve action secrets
from the database
- Update Swagger documentation to include the new
`/repos/{owner}/{repo}/actions/secrets` endpoint
- Add `actions` package import and define new routes for actions,
secrets, variables, and runners in `api.go`.
- Refactor action-related API functions into `Action` struct methods in
`org/action.go` and `repo/action.go`.
- Remove `actionAPI` struct and related functions, replacing them with
`NewAction()` calls.
- Rename `variables.go` to `action.go` in `org` directory.
- Delete `runners.go` and `secrets.go` in both `org` and `repo`
directories, consolidating their content into `action.go`.
- Update copyright year and add new imports in `org/action.go`.
- Implement `API` interface in `services/actions/interface.go` for
action-related methods.
- Remove individual action-related functions and replace them with
methods on the `Action` struct in `repo/action.go`.

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Signed-off-by: appleboy <appleboy.tw@gmail.com>
2024-04-26 21:11:49 +08:00
wxiaoguang 993736d838
Fix code search input for different views (#30678)
Now only show the "code search" on the repo home page, because it only
does global search.
So do not show it when viewing file or directory to avoid misleading
users (it doesn't search in a directory)
2024-04-26 11:21:04 +00:00
wxiaoguang 1e749b80d7
Add route handler info for debugging purpose (#30705)
Follow #30519
2024-04-26 09:09:49 +00:00
yp05327 2a3906d755
Improve job commit description (#30579)
Fix https://github.com/go-gitea/gitea/issues/30567

When job is a schedule:

![image](https://github.com/go-gitea/gitea/assets/18380374/b07e9d43-e8b7-4ee2-87b3-a7050c3a8ca5)
When it is a normal one:

![image](https://github.com/go-gitea/gitea/assets/18380374/0d58dab9-74bb-421b-8952-0578cdf21a52)

also add a 'space' behind  `:`

![image](https://github.com/go-gitea/gitea/assets/18380374/4cebece0-bfe6-4ad9-b806-e5c49bb9be43)


![image](https://github.com/go-gitea/gitea/assets/18380374/02da7681-474b-4c0f-9dad-b6558f6cb484)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-26 02:22:45 +00:00
wxiaoguang 6a0750177f
Allow to save empty comment (#30706)
Fix #29986
2024-04-26 01:17:43 +00:00
wxiaoguang bffbbf5470
Improve oauth2 client "preferred username field" logic and the error handling (#30622)
Follow #30454
And fix #24957

When using "preferred_username", if no such field,
`extractUserNameFromOAuth2` (old `getUserName`) shouldn't return an
error. All other USERNAME options do not return such error.

And fine tune some logic and error messages, make code more stable and
more friendly to end users.
2024-04-25 11:22:32 +00:00
Lunny Xiao 8b3632435e
Fix a panic bug when head repository deleting (#30674)
When visiting a pull request files which head repository has been
deleted, it will panic because headrepo is nil.
2024-04-24 13:26:50 +08:00
wxiaoguang b79e3db264
Initial support for colorblindness-friendly themes (#30625)
Initial support for #25680

This PR only adds some simple styles from GitHub, it is big enough and
it focuses on adding the necessary framework-level supports. More styles
could be fine-tuned later.
2024-04-24 00:18:41 +08:00
Lunny Xiao 8924d9b2ef
Fix compare api swagger (#30648)
The swagger format on #30349 is not right. This PR will fix it.
2024-04-23 02:22:43 +00:00
silverwind 74f0c84fa4
Enable more `revive` linter rules (#30608)
Noteable additions:

- `redefines-builtin-id` forbid variable names that shadow go builtins
- `empty-lines` remove unnecessary empty lines that `gofumpt` does not
remove for some reason
- `superfluous-else` eliminate more superfluous `else` branches

Rules are also sorted alphabetically and I cleaned up various parts of
`.golangci.yml`.
2024-04-22 11:48:42 +00:00
Bo-Yi Wu 6459c50278
fix(api): refactor branch and tag existence checks (#30618)
- Update branch existence check to also include tag existence check
- Adjust error message for branch/tag existence check

ref: https://github.com/go-gitea/gitea/pull/30349

---------

Signed-off-by: appleboy <appleboy.tw@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-22 00:19:59 +02:00
Lunny Xiao e865de1e9d
Use maintained gziphandler (#30592)
Replace #27894

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-21 00:53:45 +00:00
wxiaoguang 48d4580dd5
Clarify permission "HasAccess" behavior (#30585)
Follow #30495

"HasAccess" behavior wasn't clear, to make it clear:

* Use a new name `HasAnyUnitAccess`, it will be easier to review related
code and permission problems.
* Separate everyone access mode to a separate field, then all calls to
HasAccess are reverted to old behavior before #30495.
* Add new tests.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-20 03:15:04 +00:00
wxiaoguang f60e1a1af2
Fix HEAD method for robots.txt (#30603)
Fix #30601
2024-04-19 21:43:56 +08:00
wxiaoguang eb24d973b0
Fix project description rendering for org (#30587)
Fix #30263


![image](https://github.com/go-gitea/gitea/assets/2114189/41cabe6c-f94a-4874-a26f-d01bb89bb28c)

Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-19 07:58:56 +00:00
wxiaoguang d1ba5f431b
Some following up changes for routes (#30550)
1. Switch back to the old order for `reqRepoAdmin, context.RepoRef()`
2. Add a routing function info for global NotFound
2024-04-18 09:36:19 +00:00
6543 be5be0ac81
Expose fuzzy search for issues/pulls (#29701)
close  #29685

---------

Signed-off-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
2024-04-18 00:16:52 +00:00
wxiaoguang 3feba9f1f4
Allow everyone to read or write a wiki by a repo unit setting (#30495)
Replace #6312
Help #5833
Wiki solution for #639
2024-04-17 15:58:37 +00:00
Michael Kriese bafb80f80d
Support nuspec manifest download for nuget packages (#28921)
Support downloading nuget nuspec manifest[^1]. This is useful for
renovate because it uses this api to find the corresponding repository

- Store nuspec along with nupkg on upload
- allow downloading nuspec
- add doctor command to add missing nuspec files 


[^1]:
https://learn.microsoft.com/en-us/nuget/api/package-base-address-resource#download-package-manifest-nuspec

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-04-17 15:30:41 +00:00
Edward Zhang 02e183bf3f
Fix branch_protection api shows users/teams who has no readAccess (#30291)
Add some logic in `convert.ToBranchProtection` to return only the names
associated with readAccess instead of returning all names. This will
ensure consistency in behavior between the frontend and backend.
Fixes: #27694

---------

Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: wenzhuo.zhang <wenzhuo.zhang@geely.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-17 15:24:07 +02:00
wxiaoguang 3e2e76e248
Refactor web routes (#30519)
Re-organize the routes in web.go and use ctx constants instead of `context.UnitTypes()`

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-17 08:31:37 +00:00
SimonErm 6ba0c371c2
Allow `preferred_username` as username source for OIDC (#30454)
This PR adds the preferred_username claim as a possible username source
for the oauth2_client.

Closes #21518
2024-04-16 05:41:39 +00:00