Mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,893 Commits 17 Branches 214 Tags 801 MiB
Commit Graph

9 Commits

Author SHA1 Message Date
wxiaoguang 4498a26222
Improve decryption failure message (#24573) (#24575) 
Backport #24573

Help some users like #16832 #1851

There are many users reporting similar problem: if the SECRET_KEY
mismatches, some operations (like 2FA login) only reports unclear 500
error and unclear "base64 decode error" log (some maintainers ever spent
a lot of time on debugging such problem)

The SECRET_KEY was not well-designed and it is also a kind of technical
debt. Since it couldn't be fixed easily, it's good to add clearer error
messages, then at least users could know what the real problem is.
 2023-05-07 22:12:32 +08:00
flynnnnnnnnnn e81ccc406b
Implement FSFE REUSE for golang files (#21840) 
Change all license headers to comply with REUSE specification.

Fix #16132

Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
 2022-11-27 18:20:29 +00:00
Gusted aa23f477b7
Use `CryptoRandomBytes` instead of `CryptoRandomString` (#18439) 
- Switch to use `CryptoRandomBytes` instead of `CryptoRandomString`, OAuth's secrets are copied pasted and don't need to avoid dubious characters etc.
- `CryptoRandomBytes` gives ![2^256 = 1.15 * 10^77](https://render.githubusercontent.com/render/math?math=2^256%20=%201.15%20\cdot%2010^77) `CryptoRandomString` gives ![62^44 = 7.33 * 10^78](https://render.githubusercontent.com/render/math?math=62^44%20=%207.33%20\cdot%2010^78) possible states.
- Add a prefix, such that code scanners can easily grep these in source code.
- 32 Bytes + prefix
 2022-02-04 18:03:15 +01:00
wxiaoguang 49dd906753
Use base32 for 2FA scratch token (#18384) 
* Use base32 for 2FA scratch token
* rename Secure* to Crypto*, add comments
 2022-01-26 12:10:10 +08:00
Gusted ff2fd08228
Simplify parameter types (#18006) 
Remove repeated type declarations in function definitions.
 2021-12-20 04:41:31 +00:00
luzpaz e0296b6a6d
Fix various documentation, user-facing, and source comment typos (#16367) 
* Fix various doc, user-facing, and source comment typos

Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
 2021-07-08 13:38:13 +02:00
silverwind 1e6fa57acb
Use single shared random string generation function (#15741) 
* Use single shared random string generation function

- Replace 3 functions that do the same with 1 shared one
- Use crypto/rand over math/rand for a stronger RNG
- Output only alphanumerical for URL compatibilty

Fixes: #15536

* use const string method

* Update modules/avatar/avatar.go

Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: a1012112796 <1012112796@qq.com>
 2021-05-10 07:45:17 +01:00
silverwind cda44750cb
Attachments: Add extension support, allow all types for releases (#12465) 
* Attachments: Add extension support, allow all types for releases

- Add support for file extensions, matching the `accept` attribute of `<input type="file">`
- Add support for type wildcard mime types, e.g. `image/*`
- Create repository.release.ALLOWED_TYPES setting (default unrestricted)
- Change default for attachment.ALLOWED_TYPES to a list of extensions
- Split out POST /attachments into two endpoints for issue/pr and
  releases to prevent circumvention of allowed types check

Fixes: https://github.com/go-gitea/gitea/pull/10172
Fixes: https://github.com/go-gitea/gitea/issues/7266
Fixes: https://github.com/go-gitea/gitea/pull/12460
Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers

* rename function

* extract GET routes out of RepoMustNotBeArchived

Co-authored-by: Lauris BH <lauris@nix.lv>
 2020-10-05 01:49:33 -04:00
Jonas Franz e777c6bdc6 Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00