Commit Graph

97 Commits

Author SHA1 Message Date
Lunny Xiao 87c64f655a
Fix permission check on issue/pull lock (#22110)
Fix #21826
2022-12-12 23:02:51 +08:00
Lunny Xiao 6398ca745a
refactor bind functions based on generics (#22055) 2022-12-12 16:09:26 +08:00
flynnnnnnnnnn e81ccc406b
Implement FSFE REUSE for golang files (#21840)
Change all license headers to comply with REUSE specification.

Fix #16132

Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-11-27 18:20:29 +00:00
Xinyu Zhou b4802b9b2e
Allow disable RSS/Atom feed (#21622)
This patch provide a mechanism to disable RSS/Atom feed.

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-11-21 13:14:58 +08:00
KN4CK3R 32db62515f
Add package registry cleanup rules (#21658)
Fixes #20514
Fixes #20766
Fixes #20631

This PR adds Cleanup Rules for the package registry. This allows to
delete unneeded packages automatically. Cleanup rules can be set up from
the user or org settings.
Please have a look at the documentation because I'm not a native english
speaker.

Rule Form

![grafik](https://user-images.githubusercontent.com/1666336/199330792-c13918a6-e196-4e71-9f53-18554515edca.png)

Rule List

![grafik](https://user-images.githubusercontent.com/1666336/199331261-5f6878e8-a80c-4985-800d-ebb3524b1a8d.png)

Rule Preview

![grafik](https://user-images.githubusercontent.com/1666336/199330917-c95e4017-cf64-4142-a3e4-af18c4f127c3.png)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-20 16:08:38 +02:00
KN4CK3R 43ab9324c5
Fix setting HTTP headers after write (#21833)
The headers can't be modified after it was send to the client.
2022-11-18 01:55:15 +08:00
Drew Noel 2cbea23d70
Add configuration for CORS allowed headers (#21747)
This PR enhances the CORS middleware usage by allowing for the headers
to be configured in `app.ini`.

Fixes #21746

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-11 14:39:27 +08:00
Gusted 7b45092d66
Remove template previewer (#21701)
- Remove "unused" code, I don't think anyone ever used this or was aware
of this feature. It doesn't even work properly as most fields/data are
empty.
2022-11-06 20:13:54 +00:00
Xinyu Zhou 100448a007
Allow disable sitemap (#21617)
This patch provide a mechanism to disable
[sitemap](https://github.com/go-gitea/gitea/pull/18407).

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
Co-authored-by: 6543 <6543@obermui.de>
2022-10-28 11:17:38 -04:00
rock2dust cd33979f5a
Added check for disabled Packages (#21540)
At the moment, If admin disable Packages, still show the Packages on the
admin dashboard

This patch added a check to hide the Packages entry

Signed-off-by: baronbunny <its@baronbunny.cn>

Signed-off-by: baronbunny <its@baronbunny.cn>
2022-10-22 11:24:09 +08:00
KN4CK3R c3b2e44392
Add team member invite by email (#20307)
Allows to add (not registered) team members by email.

related #5353

Invite by mail:

![grafik](https://user-images.githubusercontent.com/1666336/178154779-adcc547f-c0b7-4a2a-a131-4e41a3d9d3ad.png)

Pending invitations:

![grafik](https://user-images.githubusercontent.com/1666336/178154882-9d739bb8-2b04-46c1-a025-c1f4be26af98.png)

Email:

![grafik](https://user-images.githubusercontent.com/1666336/178164716-f2f90893-7ba6-4a5e-a3db-42538a660258.png)

Join form:

![grafik](https://user-images.githubusercontent.com/1666336/178154840-aaab983a-d922-4414-b01a-9b1a19c5cef7.png)

Co-authored-by: Jack Hay <jjphay@gmail.com>
2022-10-19 14:40:28 +02:00
Lunny Xiao f860a6d2e4
Add system setting table with cache and also add cache supports for user setting (#18058) 2022-10-17 07:29:26 +08:00
qwerty287 a902af75f4
Support instance-wide OAuth2 applications (#21335)
Support OAuth2 applications created by admins on the admin panel, they
aren't owned by anybody.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-10-12 22:08:29 +08:00
Lauris BH b59b0cad0a
Add user/organization code search (#19977)
Fixes #19925 

Screenshots:

![attels](https://user-images.githubusercontent.com/165205/173864718-fe789429-55bc-4cad-808c-9f02f335cddf.png)
2022-10-11 00:12:03 +01:00
qwerty287 a813c9d8f3
Allow creation of OAuth2 applications for orgs (#18084)
Adds the settings pages to create OAuth2 apps also to the org settings
and allows to create apps for orgs.

Refactoring: the oauth2 related templates are shared for
instance-wide/org/user, and the backend code uses `OAuth2CommonHandlers`
to share code for instance-wide/org/user.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-09 20:07:41 +08:00
qwerty287 08609d439d
Add pages to view watched repos and subscribed issues/PRs (#17156)
Adds GitHub-like pages to view watched repos and subscribed issues/PRs
This is my second try to fix this, but it is better than the first since
it doesn't uses a filter option which could be slow when accessing
`/issues` or `/pulls` and it shows both pulls and issues (the first try
is #17053).

Closes #16111 
Replaces and closes #17053


![Screenshot](https://user-images.githubusercontent.com/80460567/134782937-3112f7da-425a-45b6-9511-5c9695aee896.png)

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 22:09:14 +03:00
zeripath bb0ff77e46
Share HTML template renderers and create a watcher framework (#20218)
The recovery, API, Web and package frameworks all create their own HTML
Renderers. This increases the memory requirements of Gitea
unnecessarily with duplicate templates being kept in memory.

Further the reloading framework in dev mode for these involves locking
and recompiling all of the templates on each load. This will potentially
hide concurrency issues and it is inefficient.

This PR stores the templates renderer in the context and stores this
context in the NormalRoutes, it then creates a fsnotify.Watcher
framework to watch files.

The watching framework is then extended to the mailer templates which
were previously not being reloaded in dev.

Then the locales are simplified to a similar structure.

Fix #20210 
Fix #20211
Fix #20217

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-08-28 10:43:25 +01:00
oliverpool 0a9ed54abb
refactor webhook *EditPost (#20780) 2022-08-23 02:52:35 -04:00
KN4CK3R 2b101994a6
Fix init mail render logic (#20704)
This bug affects tests which are sending emails (#20307). Some tests reinitialise the web routes (like `TestNodeinfo`) which messed up the mail templates. There is no reason why the templates should be loaded in the routes method.
2022-08-08 20:04:28 +02:00
Lunny Xiao 589677fafb
Add disable download source configuration (#20548)
Add configuration to enable/disable download source from UI.

Co-authored-by: zeripath <art27@cantab.net>
2022-07-31 18:57:02 +02:00
zeripath a2cfcdb91a
Slightly simplify LastCommitCache (#20444)
The LastCommitCache code is a little complex and there is unnecessary
duplication between the gogit and nogogit variants.

This PR adds the LastCommitCache as a field to the git.Repository and
pre-creates it in the ReferencesGit helpers etc. There has been some
simplification and unification of the variant code.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-07-25 16:39:42 +01:00
a1012112796 4f267ef643
Allow access to the Public Organization Member lists with minimal permissions (#20330)
Examining Organization membership should not necessarily require sign-in if the organization is public and the members are public. Therefore we should adjust `/org/{org}/members` to not require login.

Fix #7501

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-07-15 15:21:54 +01:00
luzpaz d29d6d1991
Fix various typos (#20338)
* Fix various typos

Found via `codespell -q 3 -S ./options/locale,./options/license,./public/vendor -L actived,allways,attachements,ba,befores,commiter,pullrequest,pullrequests,readby,splitted,te,unknwon`

Co-authored-by: zeripath <art27@cantab.net>
2022-07-12 23:32:37 +02:00
Lunny Xiao 184a7d4195
Check if project has the same repository id with issue when assign project to issue (#20133)
* Check if project has the same repository id with issue when assign project to issue

* Check if issue's repository id match project's repository id

* Add more permission checking

* Remove invalid argument

* Fix errors

* Add generic check

* Remove duplicated check

* Return error + add check for new issues

* Apply suggestions from code review

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: 6543 <6543@obermui.de>
2022-06-30 23:55:08 +08:00
Daniil Gentili 95383b7a16
Add sitemap support (#18407) 2022-06-25 19:06:01 +02:00
Lunny Xiao d0507efb6a
Fix wrong login requirement routers (#20101) 2022-06-23 12:56:39 +02:00
Wim cb50375e2b
Add more linters to improve code readability (#19989)
Add nakedret, unconvert, wastedassign, stylecheck and nolintlint linters to improve code readability

- nakedret - https://github.com/alexkohler/nakedret - nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
- unconvert - https://github.com/mdempsky/unconvert - Remove unnecessary type conversions
- wastedassign - https://github.com/sanposhiho/wastedassign -  wastedassign finds wasted assignment statements.
- notlintlint -  Reports ill-formed or insufficient nolint directives
- stylecheck - https://staticcheck.io/docs/checks/#ST - keep style consistent
  - excluded: [ST1003 - Poorly chosen identifier](https://staticcheck.io/docs/checks/#ST1003) and [ST1005 - Incorrectly formatted error string](https://staticcheck.io/docs/checks/#ST1005)
2022-06-20 12:02:49 +02:00
Lunny Xiao b01dce2a6e
Allow render HTML with css/js external links (#19017)
* Allow render HTML with css/js external links

* Fix bug because of filename escape chars

* Fix lint

* Update docs about new configuration item

* Fix bug of render HTML in sub directory

* Add CSP head for displaying iframe in rendering file

* Fix test

* Apply suggestions from code review

Co-authored-by: delvh <dev.lh@web.de>

* Some improvements

* some improvement

* revert change in SanitizerDisabled of external renderer

* Add sandbox for iframe and support allow-scripts and allow-same-origin

* refactor

* fix

* fix lint

* fine tune

* use single option RENDER_CONTENT_MODE, use sandbox=allow-scripts

* fine tune CSP

* Apply suggestions from code review

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-06-16 11:33:23 +08:00
Gusted edf14202fe
Unify repo settings & show better error (#19828)
* Unify context data
* Actually show invalid url in error
2022-06-12 13:43:27 +08:00
xkcdstickfigure 47bb06236d
fixed comment typo (#19944) 2022-06-11 14:54:08 -04:00
6543 a9cc9c0f7a
Auto merge pull requests when all checks succeeded via WebUI (#19648)
Add WebUI part of Auto merge feature

close #19621

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
2022-06-11 16:44:20 +02:00
Roger Luo 2ae45cebbf
Feature: Find files in repo (#15028)
* Create finding files page ui in repo page

* Get tree entries for find repo files.

* Move find files JS to individual file.

* gen swagger.

* Add enry.IsVendor to exclude entries

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-06-09 14:15:08 +03:00
Gusted 744e452185
Move `/info` outside authorization (#19888)
- To use the web's API to get information about a issue/pull on a
repository, doesn't require authorization(nor that the repository isn't
archived).
- Regressed by: #19318


Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-06-04 21:10:54 +01:00
Mai-Lapyst 4698a1ec47
Adding button to link accounts from user settings (#19792)
* Adding button to link accounts from user settings

* Only display button to link user accounts when at least one OAuth2 provider is active
2022-05-29 02:03:17 +02:00
KN4CK3R 3da9dafc60
Add Webfinger endpoint (#19462)
This adds the [Webfinger](https://webfinger.net/) endpoint for federation.

Supported schemes are `acct` and `mailto`. The profile and avatar url are returned as metadata.
2022-05-09 20:20:21 +02:00
delvh 5ca224a789
Allow to mark files in a PR as viewed (#19007)
Users can now mark files in PRs as viewed, resulting in them not being shown again by default when they reopen the PR again.
2022-05-07 20:28:10 +02:00
ttys3 e933f31426
Add health check endpoint (#18465)
* chore: add health check endpoint

docs: update document about health check

fix: fix up Sqlite3 ping. current ping will success even if the db file is missing

fix: do not expose privacy information in output field

* refactor: remove HealthChecker struct

* Added `/api/healthz` to install routes.

This was needed for using /api/healthz endpoint in Docker healthchecks,
otherwise, Docker would never become healthy if using healthz endpoint
and users would not be able to complete the installation of Gitea.

* Update modules/cache/cache.go

* fine tune

* Remove unnecessary test code. Now there are 2 routes for installation (and maybe more in future)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Marcos de Oliveira <marcossantos@furb.br>
2022-05-04 14:56:20 +03:00
qwerty287 8eb1cd9264
Add "Allow edits from maintainer" feature (#18002)
Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7).
If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option.
Then users with write access to the base branch get more permissions on this branch:
* use the update pull request button
* push directly from the command line (`git push`)
* edit/delete/upload files via web UI
* use related API endpoints

You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions.

This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR.

Closes #17728

Co-authored-by: 6543 <6543@obermui.de>
2022-04-28 17:45:33 +02:00
Gusted 0d3d9675c6
Fix middleware function's placements for some `/user/...` (#19377)
- Add reqSignIn to `/user/task/{task}` as it specific to a logged in user currently not-logged in user could cause a NPE.
- Move `/user/stopwatch` & `/user/search` middleware before the actual function is called, because functions are executed in order and currently hadn't any effect and could as well cause a NPE due to that.
- Remove `/user/active` reqSignIn middleware, because when you want to active a account you're not "signed in" so it doesn't make sense to add that middleware.
2022-04-12 10:02:58 +08:00
Lunny Xiao 3c3d49899f
Remove dependent on session auth for api/v1 routers (#19321)
* Remove dependent on session auth for api/v1 routers

* Remove unnecessary session on API context

* remove missed header

* fix test

* fix missed api/v1
2022-04-08 06:22:10 +02:00
Lunny Xiao 783a021889
Never use /api/v1 from Gitea UI Pages (#19318)
Reusing `/api/v1` from Gitea UI Pages have pros and cons.
Pros:
1) Less code copy

Cons:
1) API/v1 have to support shared session with page requests.
2) You need to consider for each other when you want to change something about api/v1 or page.

This PR moves all dependencies to API/v1 from UI Pages.

Partially replace #16052
2022-04-07 20:59:56 +02:00
Lunny Xiao 420851ca1f
Fix global packages enabled avaiable (#19276)
Fix #19275
2022-03-31 19:31:53 +02:00
zeripath c88547ce71
Add Goroutine stack inspector to admin/monitor (#19207)
Continues on from #19202.

Following the addition of pprof labels we can now more easily understand the relationship between a goroutine and the requests that spawn them. 

This PR takes advantage of the labels and adds a few others, then provides a mechanism for the monitoring page to query the pprof goroutine profile.

The binary profile that results from this profile is immediately piped in to the google library for parsing this and then stack traces are formed for the goroutines.

If the goroutine is within a context or has been created from a goroutine within a process context it will acquire the process description labels for that process. 

The goroutines are mapped with there associate pids and any that do not have an associated pid are placed in a group at the bottom as unbound.

In this way we should be able to more easily examine goroutines that have been stuck.

A manager command `gitea manager processes` is also provided that can export the processes (with or without stacktraces) to the command line.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-31 19:01:43 +02:00
KN4CK3R 1d332342db
Add Package Registry (#16510)
* Added package store settings.

* Added models.

* Added generic package registry.

* Added tests.

* Added NuGet package registry.

* Moved service index to api file.

* Added NPM package registry.

* Added Maven package registry.

* Added PyPI package registry.

* Summary is deprecated.

* Changed npm name.

* Sanitize project url.

* Allow only scoped packages.

* Added user interface.

* Changed method name.

* Added missing migration file.

* Set page info.

* Added documentation.

* Added documentation links.

* Fixed wrong error message.

* Lint template files.

* Fixed merge errors.

* Fixed unit test storage path.

* Switch to json module.

* Added suggestions.

* Added package webhook.

* Add package api.

* Fixed swagger file.

* Fixed enum and comments.

* Fixed NuGet pagination.

* Print test names.

* Added api tests.

* Fixed access level.

* Fix User unmarshal.

* Added RubyGems package registry.

* Fix lint.

* Implemented io.Writer.

* Added support for sha256/sha512 checksum files.

* Improved maven-metadata.xml support.

* Added support for symbol package uploads.

* Added tests.

* Added overview docs.

* Added npm dependencies and keywords.

* Added no-packages information.

* Display file size.

* Display asset count.

* Fixed filter alignment.

* Added package icons.

* Formatted instructions.

* Allow anonymous package downloads.

* Fixed comments.

* Fixed postgres test.

* Moved file.

* Moved models to models/packages.

* Use correct error response format per client.

* Use simpler search form.

* Fixed IsProd.

* Restructured data model.

* Prevent empty filename.

* Fix swagger.

* Implemented user/org registry.

* Implemented UI.

* Use GetUserByIDCtx.

* Use table for dependencies.

* make svg

* Added support for unscoped npm packages.

* Add support for npm dist tags.

* Added tests for npm tags.

* Unlink packages if repository gets deleted.

* Prevent user/org delete if a packages exist.

* Use package unlink in repository service.

* Added support for composer packages.

* Restructured package docs.

* Added missing tests.

* Fixed generic content page.

* Fixed docs.

* Fixed swagger.

* Added missing type.

* Fixed ambiguous column.

* Organize content store by sha256 hash.

* Added admin package management.

* Added support for sorting.

* Add support for multiple identical versions/files.

* Added missing repository unlink.

* Added file properties.

* make fmt

* lint

* Added Conan package registry.

* Updated docs.

* Unify package names.

* Added swagger enum.

* Use longer TEXT column type.

* Removed version composite key.

* Merged package and container registry.

* Removed index.

* Use dedicated package router.

* Moved files to new location.

* Updated docs.

* Fixed JOIN order.

* Fixed GROUP BY statement.

* Fixed GROUP BY #2.

* Added symbol server support.

* Added more tests.

* Set NOT NULL.

* Added setting to disable package registries.

* Moved auth into service.

* refactor

* Use ctx everywhere.

* Added package cleanup task.

* Changed packages path.

* Added container registry.

* Refactoring

* Updated comparison.

* Fix swagger.

* Fixed table order.

* Use token auth for npm routes.

* Enabled ReverseProxy auth.

* Added packages link for orgs.

* Fixed anonymous org access.

* Enable copy button for setup instructions.

* Merge error

* Added suggestions.

* Fixed merge.

* Handle "generic".

* Added link for TODO.

* Added suggestions.

* Changed temporary buffer filename.

* Added suggestions.

* Apply suggestions from code review

Co-authored-by: Thomas Boerger <thomas@webhippie.de>

* Update docs/content/doc/packages/nuget.en-us.md

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Thomas Boerger <thomas@webhippie.de>
2022-03-30 16:42:47 +08:00
wxiaoguang d4c789dfc1
Refactor repo clone button and repo clone links, fix JS error on empty repo page (#19208)
The last PR about clone buttons introduced an JS error when visiting an empty repo page:
* https://github.com/go-gitea/gitea/pull/19028
* `Uncaught ReferenceError: isSSH is not defined`, because the variables are scoped and doesn't share between sub templates.

This:
1. Simplify `templates/repo/clone_buttons.tmpl` and make code clear
2. Move most JS code into `initRepoCloneLink`
3. Remove unused `CloneLink.Git`
4. Remove `ctx.Data["DisableSSH"] / ctx.Data["ExposeAnonSSH"] / ctx.Data["DisableHTTP"]`, and only set them when is is needed (eg: deploy keys / ssh keys)
5. Introduce `Data["CloneButton*"]` to provide data for clone buttons and links
6. Introduce `Data["RepoCloneLink"]` for the repo clone link (not the wiki)
7. Remove most `ctx.Data["PageIsWiki"]` because it has been set in the `/wiki` middleware
8. Remove incorrect `quickstart` class in `migrating.tmpl`
2022-03-29 05:21:30 +02:00
Lunny Xiao 6526733a58
Let web and API routes have different auth methods group (#19168)
* remove the global methods but create dynamiclly

* Fix lint

* Fix windows lint

* Fix windows lint

* some improvements

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-28 12:46:28 +08:00
KN4CK3R 59b867dc2d
Add `ContextUser` to http request context (#18798)
This PR adds a middleware which sets a ContextUser (like GetUserByParams before) in a single place which can be used by other methods. For routes which represent a repo or org the respective middlewares set the field too.

Also fix a bug in modules/context/org.go during refactoring.
2022-03-26 17:04:22 +08:00
KN4CK3R 3f280f89e7
Update HTTP status codes to modern codes (#18063)
* 2xx/3xx/4xx/5xx -> http.Status...
* http.StatusFound -> http.StatusTemporaryRedirect
* http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 12:54:07 +08:00
Abheek Dhawan f96e8be41f
Use custom favicon when viewing static files if it exists (#19130)
Redirect `/favicon.ico` to `/assets/img/favicon.png`.

Fix #19109
2022-03-19 19:53:31 +00:00
Otto Richter (fnetX) ea46142bce
Add button for issue deletion (#19032)
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-03-09 01:38:11 +01:00