Commit Graph

3509 Commits

Author SHA1 Message Date
KN4CK3R a9ca4b4100
Calculate filename hash only once (#19654)
* Calculate hash only once.

* remove unused Sha1 template helper function, use ctx.Data["FileNameHash"]

* fix unit tests
2022-05-09 00:29:50 +02:00
Lunny Xiao 4ca1d7547a
Move some helper files out of models (#19355)
* Move some helper files out of models

* Some improvements

Co-authored-by: delvh <dev.lh@web.de>
2022-05-08 18:46:32 +02:00
Lunny Xiao d4834071da
Repository level enable package or disable (#19323) 2022-05-08 17:51:50 +02:00
Lunny Xiao 4344a64107
Allow custom default merge message with .gitea/default_merge_message/<merge_style>_TEMPLATE.md (#18177)
* Allow custom default merge message with .gitea/MERGE_MESSAGE_<merge_style>_TEMPLATE.md

* Some improvements

* Follow some advices

* Fix bug

* Fix bug

* Fix lint

* Fix close comment

* Fix test

* Fix and docs

* Improve codes

* Update docs and remove unnecessary variables

* return error for GetDefaultMergeMessage

* Fix test

* improve code

* ignore unknow unit type

* return error for GetDefaultMergeMessage

* Update services/pull/merge.go

* Some improvements

* Follow some advices

* Fix bug

* Fix lint

* Improve codes

* Update docs and remove unnecessary variables

* return error for GetDefaultMergeMessage

* improve code

* Handle deleted HeadRepo in GetDefaultMergeMessage

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix test

* Fix test

Co-authored-by: zeripath <art27@cantab.net>
2022-05-08 20:32:45 +08:00
delvh 5ca224a789
Allow to mark files in a PR as viewed (#19007)
Users can now mark files in PRs as viewed, resulting in them not being shown again by default when they reopen the PR again.
2022-05-07 20:28:10 +02:00
kolaente 59b30f060a
Auto merge pull requests when all checks succeeded via API (#9307)
* Fix indention

Signed-off-by: kolaente <k@knt.li>

* Add option to merge a pr right now without waiting for the checks to succeed

Signed-off-by: kolaente <k@knt.li>

* Fix lint

Signed-off-by: kolaente <k@knt.li>

* Add scheduled pr merge to tables used for testing

Signed-off-by: kolaente <k@knt.li>

* Add status param to make GetPullRequestByHeadBranch reusable

Signed-off-by: kolaente <k@knt.li>

* Move "Merge now" to a seperate button to make the ui clearer

Signed-off-by: kolaente <k@knt.li>

* Update models/scheduled_pull_request_merge.go

Co-authored-by: 赵智超 <1012112796@qq.com>

* Update web_src/js/index.js

Co-authored-by: 赵智超 <1012112796@qq.com>

* Update web_src/js/index.js

Co-authored-by: 赵智超 <1012112796@qq.com>

* Re-add migration after merge

* Fix frontend lint

* Fix version compare

* Add vendored dependencies

* Add basic tets

* Make sure the api route is capable of scheduling PRs for merging

* Fix comparing version

* make vendor

* adopt refactor

* apply suggestion: User -> Doer

* init var once

* Fix Test

* Update templates/repo/issue/view_content/comments.tmpl

* adopt

* nits

* next

* code format

* lint

* use same name schema; rm CreateUnScheduledPRToAutoMergeComment

* API: can not create schedule twice

* Add TestGetBranchNamesForSha

* nits

* new go routine for each pull to merge

* Update models/pull.go

Co-authored-by: a1012112796 <1012112796@qq.com>

* Update models/scheduled_pull_request_merge.go

Co-authored-by: a1012112796 <1012112796@qq.com>

* fix & add renaming sugestions

* Update services/automerge/pull_auto_merge.go

Co-authored-by: a1012112796 <1012112796@qq.com>

* fix conflict relicts

* apply latest refactors

* fix: migration after merge

* Update models/error.go

Co-authored-by: delvh <dev.lh@web.de>

* Update options/locale/locale_en-US.ini

Co-authored-by: delvh <dev.lh@web.de>

* Update options/locale/locale_en-US.ini

Co-authored-by: delvh <dev.lh@web.de>

* adapt latest refactors

* fix test

* use more context

* skip potential edgecases

* document func usage

* GetBranchNamesForSha() -> GetRefsBySha()

* start refactoring

* ajust to new changes

* nit

* docu nit

* the great check move

* move checks for branchprotection into own package

* resolve todo now ...

* move & rename

* unexport if posible

* fix

* check if merge is allowed before merge on scheduled pull

* debugg

* wording

* improve SetDefaults & nits

* NotAllowedToMerge -> DisallowedToMerge

* fix test

* merge files

* use package "errors"

* merge files

* add string names

* other implementation for gogit

* adapt refactor

* more context for models/pull.go

* GetUserRepoPermission use context

* more ctx

* use context for loading pull head/base-repo

* more ctx

* more ctx

* models.LoadIssueCtx()

* models.LoadIssueCtx()

* Handle pull_service.Merge in one DB transaction

* add TODOs

* next

* next

* next

* more ctx

* more ctx

* Start refactoring structure of old pull code ...

* move code into new packages

* shorter names ... and finish **restructure**

* Update models/branches.go

Co-authored-by: zeripath <art27@cantab.net>

* finish UpdateProtectBranch

* more and fix

* update datum

* template: use "svg" helper

* rename prQueue 2 prPatchCheckerQueue

* handle automerge in queue

* lock pull on git&db actions ...

* lock pull on git&db actions ...

* add TODO notes

* the regex

* transaction in tests

* GetRepositoryByIDCtx

* shorter table name and lint fix

* close transaction bevore notify

* Update models/pull.go

* next

* CheckPullMergable check all branch protections!

* Update routers/web/repo/pull.go

* CheckPullMergable check all branch protections!

* Revert "PullService lock via pullID (#19520)" (for now...)

This reverts commit 6cde7c9159a5ea75a10356feb7b8c7ad4c434a9a.

* Update services/pull/check.go

* Use for a repo action one database transaction

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: delvh <dev.lh@web.de>

* Update services/issue/status.go

Co-authored-by: delvh <dev.lh@web.de>

* Update services/issue/status.go

Co-authored-by: delvh <dev.lh@web.de>

* use db.WithTx()

* gofmt

* make pr.GetDefaultMergeMessage() context aware

* make MergePullRequestForm.SetDefaults context aware

* use db.WithTx()

* pull.SetMerged only with context

* fix deadlock in `test-sqlite\#TestAPIBranchProtection`

* dont forget templates

* db.WithTx allow to set the parentCtx

* handle db transaction in service packages but not router

* issue_service.ChangeStatus just had caused another deadlock :/
it has to do something with how notification package is handled

* if we merge a pull in one database transaktion, we get a lock, because merge infoce internal api that cant handle open db sessions to the same repo

* ajust to current master

* Apply suggestions from code review

Co-authored-by: delvh <dev.lh@web.de>

* dont open db transaction in router

* make generate-swagger

* one _success less

* wording nit

* rm

* adapt

* remove not needed test files

* rm less diff & use attr in JS

* ...

* Update services/repository/files/commit.go

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

* ajust db schema for PullAutoMerge

* skip broken pull refs

* more context in error messages

* remove webUI part for another pull

* remove more WebUI only parts

* API: add CancleAutoMergePR

* Apply suggestions from code review

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

* fix lint

* Apply suggestions from code review

* cancle -> cancel

Co-authored-by: delvh <dev.lh@web.de>

* change queue identifyer

* fix swagger

* prevent nil issue

* fix and dont drop error

* as per @zeripath

* Update integrations/git_test.go

Co-authored-by: delvh <dev.lh@web.de>

* Update integrations/git_test.go

Co-authored-by: delvh <dev.lh@web.de>

* more declarative integration tests (dedup code)

* use assert.False/True helper

Co-authored-by: 赵智超 <1012112796@qq.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-05-08 01:05:52 +08:00
KN4CK3R 8adba93498
Hide private repositories in packages (#19584) 2022-05-07 18:21:15 +02:00
Jimmy Praet 38d72d40f1
Only show accessible teams in dashboard dropdown list (#19642)
Fixes #19637
2022-05-07 17:49:43 +02:00
Gusted 3ece9d5794
Simplify `IsVendor` (#19626)
The changes in this file were upstreamed directly into go-enry as https://github.com/go-enry/go-enry/pull/44
and therefore they are no longer needed.
2022-05-06 10:12:30 +01:00
wxiaoguang 04fc4b7e05
Call MultipartForm.RemoveAll when request finishes (#19606) 2022-05-05 16:13:23 +02:00
ttys3 e933f31426
Add health check endpoint (#18465)
* chore: add health check endpoint

docs: update document about health check

fix: fix up Sqlite3 ping. current ping will success even if the db file is missing

fix: do not expose privacy information in output field

* refactor: remove HealthChecker struct

* Added `/api/healthz` to install routes.

This was needed for using /api/healthz endpoint in Docker healthchecks,
otherwise, Docker would never become healthy if using healthz endpoint
and users would not be able to complete the installation of Gitea.

* Update modules/cache/cache.go

* fine tune

* Remove unnecessary test code. Now there are 2 routes for installation (and maybe more in future)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Marcos de Oliveira <marcossantos@furb.br>
2022-05-04 14:56:20 +03:00
Gusted 3114cd30b8
Only check for non-finished migrating task (#19601)
* Only check for non-finished migrating task

- Only check if a non-finished migrating task exists for a mirror before
fetching the mirror details from the database.
- Resolves #19600
- Regression: #19588

* Clarify function
2022-05-04 12:09:42 +02:00
6543 92f139d091
Use for a repo action one database transaction (#19576)
... more context

(part of #9307)
2022-05-03 21:46:28 +02:00
wxiaoguang 730420b6b3
Only set CanColorStdout / CanColorStderr to true if the stdout/stderr is a terminal (#19581) 2022-05-03 18:03:34 +02:00
Gusted 982b726b08
Don't fetch Mirror when it's migrating (#19588)
- When a repository is still being migrated, don't try to fetch the
Mirror from the database. Instead skip it. This allows to visit
repositories that are still being migrated and were configured to be
mirrored.
- Resolves #19585
- Regression: #19295

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-05-03 16:55:17 +03:00
wxiaoguang c18d8d6968
Remove legacy `+build:` constraint (#19582)
Go 1.17 and later use modern `//go:build` constraints, the old `// +build:` constraints should be removed.
2022-05-02 23:22:45 +08:00
6543 e2a3f3d259
Federation: return useful statistic information for nodeinfo (#19561)
Add statistic information for total user count, active user count, issue count and comment count for `/nodeinfo`
2022-05-02 21:35:45 +08:00
wxiaoguang 509d811243
Upgrade required git version to 2.0 (#19577)
* Upgrade required git version to 2.0

* update document
2022-05-02 20:30:24 +08:00
Gusted c0a6309a5f
Simplify loops to copy (#19569)
- Simplify two loops into `copy` statements.
2022-05-01 01:53:56 +02:00
6543 8d34c2fab9
fix #19545 (#19563) 2022-04-30 20:50:56 +08:00
Jimmy Praet 5aebc4f000
Respect DefaultUserIsRestricted system default when creating new user (#19310)
* Apply DefaultUserIsRestricted in CreateUser

* Enforce system defaults in CreateUser

Allow for overwrites with CreateUserOverwriteOptions

* Fix compilation errors

* Add "restricted" option to create user command

* Add "restricted" option to create user admin api

* Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed

* Revert "Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed"

This reverts commit ee95d3e8dc9e9fff4fa66a5111e4d3930280e033.
2022-04-29 15:38:11 -04:00
Florin Hillebrand ad6d08d155
Add API to query collaborators permission for a repository (#18761)
Targeting #14936, #15332

Adds a collaborator permissions API endpoint according to GitHub API: https://docs.github.com/en/rest/collaborators/collaborators#get-repository-permissions-for-a-user to retrieve a collaborators permissions for a specific repository.

### Checks the repository permissions of a collaborator. 

`GET` `/repos/{owner}/{repo}/collaborators/{collaborator}/permission`

Possible `permission` values are `admin`, `write`, `read`, `owner`, `none`.

```json
{
  "permission": "admin",
  "role_name": "admin",
  "user": {}
}
```

Where `permission` and `role_name` hold the same `permission` value and `user` is filled with the user API object. Only admins are allowed to use this API endpoint.
2022-04-29 14:24:38 +02:00
wxiaoguang a51efb4c2c
Support `hostname:port` to pass host matcher's check #19543 (#19543)
hostmatcher: split the hostname from the `hostname:port` string, use the correct hostname to do the match.
2022-04-29 01:39:50 +08:00
qwerty287 8eb1cd9264
Add "Allow edits from maintainer" feature (#18002)
Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7).
If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option.
Then users with write access to the base branch get more permissions on this branch:
* use the update pull request button
* push directly from the command line (`git push`)
* edit/delete/upload files via web UI
* use related API endpoints

You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions.

This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR.

Closes #17728

Co-authored-by: 6543 <6543@obermui.de>
2022-04-28 17:45:33 +02:00
6543 06e4687cec
more context for models (#19511)
make more usage of context, to have more db transaction in one session

(make diff of  #9307 smaller)
2022-04-28 13:48:48 +02:00
zeripath 332b2ecd21
Prevent intermittent race in attribute reader close (#19537)
There is a potential rare race possible whereby the c.running channel could
be closed twice. Looking at the code I do not see a need for this c.running
channel and therefore I think we can remove this. (I think the c.running
might have been some attempt to prevent a hang but the use of os.Pipes should
prevent that.)

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-04-28 11:19:33 +08:00
Gusted b5383590de
Fix 64-bit atomic operations on 32-bit machines (#19531)
- Doing 64-bit atomic operations on 32-bit machines is a bit tricky by
golang, as they can only be done under certain set of
conditions(https://pkg.go.dev/sync/atomic#pkg-note-BUG).
- This PR fixes such case whereby the conditions weren't met, it moves
the int64 to the first field of the struct, which will 64-bit operations
happening on this property on 32-bit machines.
- Resolves #19518
2022-04-27 10:32:04 -05:00
zeripath 41fcf7b7de
Prevent dangling archiver goroutine (#19516)
Within doArchive there is a service goroutine that performs the
archiving function.  This goroutine reports its error using a `chan
error` called `done`. Prior to this PR this channel had 0 capacity
meaning that the goroutine would block until the `done` channel was
cleared - however there are a couple of ways in which this channel might
not be read.

The simplest solution is to add a single space of capacity to the
goroutine which will mean that the goroutine will always complete and
even if the `done` channel is not read it will be simply garbage
collected away.

(The PR also contains two other places when setting up the indexers
which do not leak but where the blocking of the sending goroutine is
also unnecessary and so we should just add a small amount of capacity
and let the sending goroutine complete as soon as it can.)

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2022-04-26 19:22:26 -04:00
John Olheiser 3c140f0d42
Use router param for filepath in GetRawFile (#19499)
* Use router param for filepath

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Move TreePath back into RepoRefForAPI

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-04-26 12:15:45 -05:00
Gusted 4e912a61c8
Improve Stopwatch behavior (#18930)
- Don't send empty stopwatch over and over again, only send once.
- Stop interval to update stopwatch's timer when there is no more stopwatch.
2022-04-25 22:45:22 +02:00
6543 1ebb30e41b
Pass gitRepo down to GetRawDiff, since its used for main repo and wiki (#19461)
as per https://github.com/go-gitea/gitea/pull/19449#issuecomment-1105283931

pass gitRepo down to GetRawDiff, since its used for main repo and wiki
2022-04-25 20:45:18 +02:00
Lunny Xiao 7c164d5a91
Use queue instead of memory queue in webhook send service (#19390) 2022-04-25 20:03:01 +02:00
6543 ddbbe6e15c
User specific repoID or xorm builder conditions for issue search (#19475)
* extend models.IssuesOptions to have more specific repo filter options

* use new options

* unrelated refactor

* rm RepoIDs
2022-04-25 16:06:24 +02:00
6543 2ec2baf248
use IsLoopback (#19477)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-04-25 13:55:12 +08:00
Pilou ebb23967dc
[doctor] authorized-keys: fix displayed check name (#19464)
The registered check name is authorized-keys, not authorized_keys.
2022-04-24 20:06:33 +02:00
zeripath 0dcc74a8a7
Prevent dangling cat-file calls (goroutine alternative) (#19454)
If an `os/exec.Command` is passed non `*os.File` as an input/output, go
will create `os.Pipe`s and wait for their closure in `cmd.Wait()`.  If
the code following this is responsible for closing `io.Pipe`s or other
handlers then on process death from context cancellation the `Wait` can
hang.

There are two possible solutions:

1. use `os.Pipe` as the input/output as `cmd.Wait` does not wait for these.
2. create a goroutine waiting on the context cancellation that will close the inputs.

This PR provides the second option - which is a simpler change that can
be more easily backported.

Closes #19448

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-04-22 17:20:04 +02:00
Gusted ebe569a268
Set correct PR status on 3way on conflict checking (#19457)
* Set correct PR status on 3way on conflict checking

- When 3-way merge is enabled for conflict checking, it has a new
interesting behavior that it doesn't return any error when it found a
conflict, so we change the condition to not check for the error, but
instead check if conflictedfiles is populated, this fixes a issue
whereby PR status wasn't correctly on conflicted PR's.
- Refactor the mergeable property(which was incorrectly set and lead me this
bug) to be more maintainable.
- Add a dedicated test for conflicting checking, so it should prevent
future issues with this.

* Fix linter
2022-04-21 22:55:45 +01:00
6543 c764355676
RepoAssignment ensure to close before overwrite (#19449)
* check if GitRepo already open and close if

* only run RepoAssignment once

* refactor context helper for api to open GitRepo
2022-04-21 17:17:57 +02:00
zeripath a7f0ce6207
Add uploadpack.allowAnySHA1InWant to allow --filter=blob:none with older git clients (#19430)
Older git clients need uploadpack.allowAnySHA1InWant if partial cloning is allowed.

Fix #19118

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-04-20 17:52:16 +02:00
zeripath 409ff55a29
When updating mirror repo intervals by API reschedule next update too (#19429)
When a mirror repo interval is updated by the UI it is rescheduled with that interval
however the API does not do this. The API also lacks the enable_prune option.

This PR adds this functionality in to the API Edit Repo endpoint.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-04-20 09:20:53 +01:00
KN4CK3R 18727df73a
Add Helm Chart registry (#19406) 2022-04-19 12:55:35 -04:00
Lunny Xiao b8911fb456
Use a struct as test options (#19393)
* Use a struct as test options

* Fix name

* Fix test
2022-04-14 21:58:21 +08:00
KN4CK3R 6d51b9f615
Fixed registry host value. (#19363) 2022-04-10 19:57:36 +08:00
wxiaoguang d906858847
Use "main" as default branch name (#19354)
* Use "main" as default branch name

* fix test code
2022-04-08 23:26:48 -05:00
Lunny Xiao 1dfa26e00e
Move milestone to models/issues/ (#19278)
* Move milestone to models/issues/

* Fix lint

* Fix test

* Fix lint

* Fix lint
2022-04-08 17:11:15 +08:00
wxiaoguang 84ceaa98bd
Refactor CSRF protection modules, make sure CSRF tokens can be up-to-date. (#19337)
Do a refactoring to the CSRF related code, remove most unnecessary functions.
Parse the generated token's issue time, regenerate the token every a few minutes.
2022-04-08 13:21:05 +08:00
Lunny Xiao 3c3d49899f
Remove dependent on session auth for api/v1 routers (#19321)
* Remove dependent on session auth for api/v1 routers

* Remove unnecessary session on API context

* remove missed header

* fix test

* fix missed api/v1
2022-04-08 06:22:10 +02:00
Lunny Xiao 783a021889
Never use /api/v1 from Gitea UI Pages (#19318)
Reusing `/api/v1` from Gitea UI Pages have pros and cons.
Pros:
1) Less code copy

Cons:
1) API/v1 have to support shared session with page requests.
2) You need to consider for each other when you want to change something about api/v1 or page.

This PR moves all dependencies to API/v1 from UI Pages.

Partially replace #16052
2022-04-07 20:59:56 +02:00
techknowlogick 48dc88acd0
Allow custom redirect for landing page (#19324)
* Allow custom redirect for landing page

* Update modules/setting/setting.go

Co-authored-by: delvh <dev.lh@web.de>

* fix lint

* one option

Co-authored-by: delvh <dev.lh@web.de>
2022-04-05 12:16:01 -04:00
wxiaoguang d242511e86
Remove legacy unmaintained packages, refactor to support change default locale (#19308)
Remove two unmaintained vendor packages `i18n` and `paginater`. Changes:
* Rewrite `i18n` package with a more clear fallback mechanism. Fix an unstable `Tr` behavior, add more tests.
* Refactor the legacy `Paginater` to `Paginator`, test cases are kept unchanged.

Trivial enhancement (no breaking for end users):
* Use the first locale in LANGS setting option as the default, add a log to prevent from surprising users.
2022-04-03 17:46:48 +08:00
zeripath 7b4c3c7bb1
Prevent intermittent NPE in queue tests (#19301)
There appears to be an intermittent NPE in queue tests relating to the deferred
shutdown/terminate functions.

This PR more formally asserts that shutdown and termination occurs before starting
and finishing the tests but leaves the defer in place to ensure that if there is an
issue shutdown/termination will occur.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-04-02 15:59:04 +08:00
wxiaoguang 4f27c28947
Remove legacy `unknwon/com` package (#19298)
Follows: #19284
* The `CopyDir` is only used inside test code
* Rewrite `ToSnakeCase` with more test cases
* The `RedisCacher` only put strings into cache, here we use internal `toStr` to replace the legacy `ToStr`
* The `UniqueQueue` can use string as ID directly, no need to call `ToStr`
2022-04-02 00:34:57 +08:00
Peter Gardfjäll 58c9d12933
A pull-mirror repo should be marked as such on creation (#19295)
Right now, a pull-mirror repo does not get marked as such until *after* the
mirroring completes. In the meantime, it will show up (in API and UI) as a
regular repo.
2022-04-01 22:14:36 +08:00
wxiaoguang 65f17bfc31
Refactor legacy `unknwon/com` package, improve golangci lint (#19284)
The main purpose is to refactor the legacy `unknwon/com` package.
1. Remove most imports of `unknwon/com`, only `util/legacy.go` imports the legacy `unknwon/com`
2. Use golangci's depguard to process denied packages
3. Fix some incorrect values in golangci.yml, eg, the version should be quoted string `"1.18"`
4. Use correctly escaped content for `go-import` and `go-source` meta tags
5. Refactor `com.Expand` to our stable (and the same fast) `vars.Expand`, our `vars.Expand` can still return partially rendered content even if the template is not good (eg: key mistach).
2022-04-01 16:47:50 +08:00
wxiaoguang 124b072f0b
Remove `git.Command.Run` and `git.Command.RunInDir*` (#19280)
Follows #19266, #8553, Close #18553, now there are only three `Run..(&RunOpts{})` functions.
 * before: `stdout, err := RunInDir(path)`
 * now: `stdout, _, err := RunStdString(&git.RunOpts{Dir:path})`
2022-04-01 10:55:30 +08:00
silverwind 1eb0da58c3
Update JS dependencies (#19281)
- Upgrade all JS dependencies minus vue and vue-loader
- Adapt to breaking change of octicons
- Update eslint rules
- Tested Swagger UI, sortablejs and prod build
2022-04-01 02:15:46 +02:00
Lunny Xiao 420851ca1f
Fix global packages enabled avaiable (#19276)
Fix #19275
2022-03-31 19:31:53 +02:00
zeripath c88547ce71
Add Goroutine stack inspector to admin/monitor (#19207)
Continues on from #19202.

Following the addition of pprof labels we can now more easily understand the relationship between a goroutine and the requests that spawn them. 

This PR takes advantage of the labels and adds a few others, then provides a mechanism for the monitoring page to query the pprof goroutine profile.

The binary profile that results from this profile is immediately piped in to the google library for parsing this and then stack traces are formed for the goroutines.

If the goroutine is within a context or has been created from a goroutine within a process context it will acquire the process description labels for that process. 

The goroutines are mapped with there associate pids and any that do not have an associated pid are placed in a group at the bottom as unbound.

In this way we should be able to more easily examine goroutines that have been stuck.

A manager command `gitea manager processes` is also provided that can export the processes (with or without stacktraces) to the command line.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-31 19:01:43 +02:00
Peter Gardfjäll e28cc79c92
Improve sync performance for pull-mirrors (#19125)
This addresses https://github.com/go-gitea/gitea/issues/18352

It aims to improve performance (and resource use) of the `SyncReleasesWithTags` operation for pull-mirrors.

For large repositories with many tags, `SyncReleasesWithTags` can be a costly operation (taking several minutes to complete). The reason is two-fold:
    
1. on sync, every upstream repo tag is compared (for changes) against existing local entries in the release table to ensure that they are up-to-date.
    
2. the procedure for getting _each tag_ involves a series of git operations    
    ```bash
     git show-ref --tags -- v8.2.4477
     git cat-file -t 29ab6ce9f36660cffaad3c8789e71162e5db5d2f
     git cat-file -p 29ab6ce9f36660cffaad3c8789e71162e5db5d2f
     git rev-list --count 29ab6ce9f36660cffaad3c8789e71162e5db5d2f
     ```    

     of which the `git rev-list --count` can be particularly heavy.
    
This PR optimizes performance for pull-mirrors. We utilize the fact that a pull-mirror is always identical to its upstream and rebuild the entire release table on every sync and use a batch `git for-each-ref .. refs/tags` call to retrieve all tags in one go.
    
For large mirror repos, with hundreds of annotated tags, this brings down the duration of the sync operation from several minutes to a few seconds. A few unscientific examples run on my local machine:

- https://github.com/spring-projects/spring-boot (223 tags)
  - before: `0m28,673s`
  - after: `0m2,244s`
- https://github.com/kubernetes/kubernetes (890 tags)
  - before: `8m00s`
  - after: `0m8,520s`
- https://github.com/vim/vim (13954 tags)
  - before: `14m20,383s`
  - after: `0m35,467s`

 

I added a `foreachref` package which contains a flexible way of specifying which reference fields are of interest (`git-for-each-ref(1)`) and to produce a parser for the expected output. These could be reused in other places where `for-each-ref` is used.  I'll add unit tests for those if the overall PR looks promising.
2022-03-31 14:30:40 +02:00
wxiaoguang b877504b03
Refactor `git.Command.Run*`, introduce `RunWithContextString` and `RunWithContextBytes` (#19266)
This follows 
* https://github.com/go-gitea/gitea/issues/18553

Introduce `RunWithContextString` and `RunWithContextBytes` to help the refactoring. Add related unit tests. They keep the same behavior to save stderr into err.Error() as `RunInXxx` before.

Remove `RunInDirTimeoutPipeline` `RunInDirTimeoutFullPipeline` `RunInDirTimeout` `RunInDirTimeoutEnv`  `RunInDirPipeline`  `RunInDirFullPipeline`  `RunTimeout`, `RunInDirTimeoutEnvPipeline`, `RunInDirTimeoutEnvFullPipeline`, `RunInDirTimeoutEnvFullPipelineFunc`.

Then remaining `RunInDir` `RunInDirBytes` `RunInDirWithEnv` can be easily refactored in next PR with a simple search & replace:
* before: `stdout, err := RunInDir(path)`
* next: `stdout, _, err := RunWithContextString(&git.RunContext{Dir:path})`

Other changes:
1. When `timeout <= 0`, use default. Because `timeout==0` is meaningless and could cause bugs. And now many functions becomes more simple, eg: `GitGcRepos` 9 lines to 1 line. `Fsck` 6 lines to 1 line.
2. Only set defaultCommandExecutionTimeout when the option `setting.Git.Timeout.Default > 0`
2022-03-31 13:56:22 +02:00
Lunny Xiao d4f84f1c93
Move reaction to models/issues/ (#19264)
* Move reaction to models/issues/

* Fix test

* move the function

* improve code

* Update models/issues/reaction.go

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-31 17:20:39 +08:00
wxiaoguang c83168104b
Use a more general (and faster) method to sanitize URLs with credentials (#19239)
Use a more general method to sanitize URLs with credentials: Simple and intuitive / Faster /  Remove all credentials in all URLs
2022-03-31 10:25:40 +08:00
Justin Sievenpiper a2c20a6cab
Add Redis Sentinel Authentication Support (#19213)
Gitea was not able to supply any authentication parameters to it. So this brings support to do that, along with some light extraction of a couple of bits into some separate functions for easier testing.

I looked at other libraries supporting similar RedisUri-style connection strings (e.g. Lettuce), but it looks like this type of configuration is beyond what would typically be done in a connection string. Since gitea doesn't have configuration options for manually specifying all this redis connection detail, I went ahead and just chose straightforward names for these new parameters.
2022-03-30 21:12:02 +02:00
KN4CK3R 1d332342db
Add Package Registry (#16510)
* Added package store settings.

* Added models.

* Added generic package registry.

* Added tests.

* Added NuGet package registry.

* Moved service index to api file.

* Added NPM package registry.

* Added Maven package registry.

* Added PyPI package registry.

* Summary is deprecated.

* Changed npm name.

* Sanitize project url.

* Allow only scoped packages.

* Added user interface.

* Changed method name.

* Added missing migration file.

* Set page info.

* Added documentation.

* Added documentation links.

* Fixed wrong error message.

* Lint template files.

* Fixed merge errors.

* Fixed unit test storage path.

* Switch to json module.

* Added suggestions.

* Added package webhook.

* Add package api.

* Fixed swagger file.

* Fixed enum and comments.

* Fixed NuGet pagination.

* Print test names.

* Added api tests.

* Fixed access level.

* Fix User unmarshal.

* Added RubyGems package registry.

* Fix lint.

* Implemented io.Writer.

* Added support for sha256/sha512 checksum files.

* Improved maven-metadata.xml support.

* Added support for symbol package uploads.

* Added tests.

* Added overview docs.

* Added npm dependencies and keywords.

* Added no-packages information.

* Display file size.

* Display asset count.

* Fixed filter alignment.

* Added package icons.

* Formatted instructions.

* Allow anonymous package downloads.

* Fixed comments.

* Fixed postgres test.

* Moved file.

* Moved models to models/packages.

* Use correct error response format per client.

* Use simpler search form.

* Fixed IsProd.

* Restructured data model.

* Prevent empty filename.

* Fix swagger.

* Implemented user/org registry.

* Implemented UI.

* Use GetUserByIDCtx.

* Use table for dependencies.

* make svg

* Added support for unscoped npm packages.

* Add support for npm dist tags.

* Added tests for npm tags.

* Unlink packages if repository gets deleted.

* Prevent user/org delete if a packages exist.

* Use package unlink in repository service.

* Added support for composer packages.

* Restructured package docs.

* Added missing tests.

* Fixed generic content page.

* Fixed docs.

* Fixed swagger.

* Added missing type.

* Fixed ambiguous column.

* Organize content store by sha256 hash.

* Added admin package management.

* Added support for sorting.

* Add support for multiple identical versions/files.

* Added missing repository unlink.

* Added file properties.

* make fmt

* lint

* Added Conan package registry.

* Updated docs.

* Unify package names.

* Added swagger enum.

* Use longer TEXT column type.

* Removed version composite key.

* Merged package and container registry.

* Removed index.

* Use dedicated package router.

* Moved files to new location.

* Updated docs.

* Fixed JOIN order.

* Fixed GROUP BY statement.

* Fixed GROUP BY #2.

* Added symbol server support.

* Added more tests.

* Set NOT NULL.

* Added setting to disable package registries.

* Moved auth into service.

* refactor

* Use ctx everywhere.

* Added package cleanup task.

* Changed packages path.

* Added container registry.

* Refactoring

* Updated comparison.

* Fix swagger.

* Fixed table order.

* Use token auth for npm routes.

* Enabled ReverseProxy auth.

* Added packages link for orgs.

* Fixed anonymous org access.

* Enable copy button for setup instructions.

* Merge error

* Added suggestions.

* Fixed merge.

* Handle "generic".

* Added link for TODO.

* Added suggestions.

* Changed temporary buffer filename.

* Added suggestions.

* Apply suggestions from code review

Co-authored-by: Thomas Boerger <thomas@webhippie.de>

* Update docs/content/doc/packages/nuget.en-us.md

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Thomas Boerger <thomas@webhippie.de>
2022-03-30 16:42:47 +08:00
6543 3e88af898a
Make git.OpenRepository accept Context (#19260)
* OpenRepositoryCtx -> OpenRepository
* OpenRepository -> openRepositoryWithDefaultContext, only for internal usage
2022-03-30 03:13:41 +08:00
zeripath 889a8c268c
Use full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235)
Strangely #19038 appears to relate to an issue whereby a tag appears to
be listed in `git show-ref --tags` but then does not appear when `git
show-ref --tags -- short_name` is called.

As a solution though I propose to stop the second call as it is
unnecessary and only likely to cause problems.

I've also noticed that the tags calls are wildly inefficient and aren't using the common cat-files - so these have been added.

I've also noticed that the git commit-graph is not being written on mirroring - so I've also added writing this to the migration which should improve mirror rendering somewhat. 

Fix #19038

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2022-03-29 19:12:33 +02:00
John Olheiser 66f2210fec
More commit info from API (#19252)
Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-03-29 10:47:44 -05:00
zeripath 97625b44e7
Provide configuration to allow camo-media proxying (#12802)
* Provide configuration to allow camo-media proxying

Fix #916

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-29 10:27:37 +02:00
Lunny Xiao 76aa33d884
Move init repository related functions to modules (#19159)
* Move init repository related functions to modules

* Fix lint

* Use ctx but db.DefaultContext

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-29 15:23:45 +08:00
Lunny Xiao b06b9a056c
Move organization related structs into sub package (#18518)
* Move organization related structs into sub package

* Fix test

* Fix lint

* Move more functions into sub packages

* Fix bug

* Fix test

* Update models/organization/team_repo.go

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

* Apply suggestions from code review

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

* Fix fmt

* Follow suggestion from @Gusted

* Fix test

* Fix test

* Fix bug

* Use ctx but db.DefaultContext on routers

* Fix bug

* Fix bug

* fix bug

* Update models/organization/team_user.go

* Fix bug

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-29 14:29:02 +08:00
wxiaoguang d4c789dfc1
Refactor repo clone button and repo clone links, fix JS error on empty repo page (#19208)
The last PR about clone buttons introduced an JS error when visiting an empty repo page:
* https://github.com/go-gitea/gitea/pull/19028
* `Uncaught ReferenceError: isSSH is not defined`, because the variables are scoped and doesn't share between sub templates.

This:
1. Simplify `templates/repo/clone_buttons.tmpl` and make code clear
2. Move most JS code into `initRepoCloneLink`
3. Remove unused `CloneLink.Git`
4. Remove `ctx.Data["DisableSSH"] / ctx.Data["ExposeAnonSSH"] / ctx.Data["DisableHTTP"]`, and only set them when is is needed (eg: deploy keys / ssh keys)
5. Introduce `Data["CloneButton*"]` to provide data for clone buttons and links
6. Introduce `Data["RepoCloneLink"]` for the repo clone link (not the wiki)
7. Remove most `ctx.Data["PageIsWiki"]` because it has been set in the `/wiki` middleware
8. Remove incorrect `quickstart` class in `migrating.tmpl`
2022-03-29 05:21:30 +02:00
zeripath d3dbdbe6c5
Prevent intermittent failures in RepoIndexerTest (2) (#19229)
So whilst #19225 fixes one issue it caused another. We need to initialise the Git
module first.

Related #19225
Fix #19162

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2022-03-27 17:54:51 -04:00
Lunny Xiao c29fbc6d23
Hide sensitive content on admin panel progress monitor (#19218)
Sanitize urls within git process descriptions.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-03-27 12:54:09 +01:00
zeripath 41b60d94db
Do not include global arguments in process manager (#19226)
The git command by default adds a number of global arguments. These are not
helpful to be displayed in the process manager and so should be skipped for
default process descriptions.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-27 10:09:56 +01:00
zeripath 793ce9dacf
Prevent intermittent failures in RepoIndexerTest (#19225)
The RepoIndexerTest is failing with considerable frequency due to a race inherrent in
its design. This PR adjust this test to avoid the reliance on waiting for the populate
repo indexer to run and forcibly adds the repo to the queue. It then flushes the queue.

It may be worth separating out the tests somewhat by testing the Index function
directly away from the queue however, this forceful method should solve the current
problem.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-27 15:05:01 +08:00
Abheek Dhawan f316582458
Set the default branch for repositories generated from templates (#19136)
* Set the default branch for repositories generated from templates
* Allows default branch to be set through the API for repos generated from templates
* Update swagger API template
* Only set default branch to the one from the template if not specified
* Use specified default branch if it exists while generating git commits

Fix #19082 

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-03-27 03:56:28 +01:00
zeripath 70628bd870
Add auto logging of goroutine pid label (#19212)
* Add auto logging of goroutine pid label

This PR uses unsafe to export the hidden runtime_getProfLabel function from the
runtime package and then casts the result to a map[string]string.

We can then interrogate this map to get the pid label from the goroutine allowing
us to log it with any logging request.

Reference #19202

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-26 20:04:36 +00:00
KN4CK3R 59b867dc2d
Add `ContextUser` to http request context (#18798)
This PR adds a middleware which sets a ContextUser (like GetUserByParams before) in a single place which can be used by other methods. For routes which represent a repo or org the respective middlewares set the field too.

Also fix a bug in modules/context/org.go during refactoring.
2022-03-26 17:04:22 +08:00
zeripath 5fe764b1eb
Add pprof labels in processes and for lifecycles (#19202)
Use pprof labelling to help identify goroutines with stacks.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-25 12:47:12 +00:00
Robert Kaussow 909804b717
Bump goldmark to v1.4.11 (#19201)
* Bump goldmark to v1.4.11

* add testcase

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-03-24 11:47:37 -04:00
zeripath 0b1686b67a
Prevent redirect to Host (2) (#19175)
Unhelpfully Locations starting with `/\` will be converted by the
browser to `//` because ... well I do not fully understand. Certainly
the RFCs and MDN do not indicate that this would be expected. Providing
"compatibility" with the (mis)behaviour of a certain proprietary OS is
my suspicion. However, we clearly have to protect against this.

Therefore we should reject redirection locations that match the regular
expression: `^/[\\\\/]+`

Reference #9678

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-23 16:12:36 +00:00
Andrew Thornton 81b5bef55a
Prevent start panic due to missing DotEscape function
Unfortunately #19169 causing a panic at startup in prod mode. This was hidden by dev
mode because the templates are compiled dynamically there. The issue is that DotEscape
is not in the original FuncMap at the time of compilation which causes a panic.

Ref #19169

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-23 16:08:27 +00:00
a1012112796 d8f578412e
Redirect .wiki/* ui link to /wiki (#18831)
Redirect .wiki/* ui link to /wiki

fix #18590

Signed-off-by: a1012112796 <1012112796@qq.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-03-23 13:29:18 +00:00
zeripath 5248232c44
Try to prevent autolinking of displaynames by email readers (#19169)
Unfortunately many email readers will (helpfully) detect url or url-like names and
automatically create links to them, even in HTML emails. This is not ideal when
usernames can have dots in them.

This PR tries to prevent this behaviour by sticking ZWJ characters between dots and
also set the meta tag to prevent format detection.

Not every email template has been changed in this way - just the activation emails but
it may be that we should be setting the above meta tag in all of our emails too.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-23 12:34:20 +00:00
KN4CK3R 3f280f89e7
Update HTTP status codes to modern codes (#18063)
* 2xx/3xx/4xx/5xx -> http.Status...
* http.StatusFound -> http.StatusTemporaryRedirect
* http.StatusMovedPermanently -> http.StatusPermanentRedirect
2022-03-23 12:54:07 +08:00
zeripath 3f71ab9a12
Clean paths when looking in Storage (#19124)
* Clean paths when looking in Storage

Ensure paths are clean for minio aswell as local storage.

Use url.Path not RequestURI/EscapedPath in storageHandler.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-03-22 17:02:26 -04:00
zeripath 461068cfa1
Ensure that setting.LocalURL always has a trailing slash (#19171)
Fix #19166

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-22 16:59:57 +00:00
wxiaoguang 7a550b3af2
Use `ctx` instead of `db.DefaultContext` in some packages(routers/services/modules) (#19163)
* Remove `db.DefaultContext` usage in routers, use `ctx` directly

* Use `ctx` directly if there is one, remove some `db.DefaultContext` in `services`

* Use ctx instead of db.DefaultContext for `cmd` and some `modules` packages

* fix incorrect context usage
2022-03-22 16:22:54 +01:00
wxiaoguang 2b55422cd7
Fix the bug: deploy key with write access can not push (#19010)
Use DeployKeyID to replace the IsDeployKey, then CanWriteCode uses the DeployKeyID to check the write permission.
2022-03-22 17:29:07 +08:00
KN4CK3R 80fd25524e
Renamed ctx.User to ctx.Doer. (#19161)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-22 15:03:22 +08:00
Norwin 77d1c7bf2f
Cleanup protected branches when deleting users & teams (#19158)
* Clean up protected_branches when deleting user

fixes #19094

* Clean up protected_branches when deleting teams

* fix issue

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-03-22 09:09:45 +08:00
zeripath 2d21d2af9e
Make migrations SKIP_TLS_VERIFY apply to git too (#19132)
Make SKIP_TLS_VERIFY apply to git data migrations too through adding the `-c http.sslVerify=false` option to the git clone command.

Fix #18998

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-19 14:16:38 +00:00
6543 60fbaa9068
remove not needed (#19128) 2022-03-18 20:17:57 +01:00
6543 45f8d97131
nit fix (#19116) 2022-03-17 20:04:36 +02:00
Aravinth Manivannan fa73cbf5a7
Store the foreign ID of issues during migration (#18446)
Storing the foreign identifier of an imported issue in the database is a prerequisite to implement idempotent migrations or mirror for issues. It is a baby step towards mirroring that introduces a new table.

At the moment when an issue is created by the Gitea uploader, it fails if the issue already exists. The Gitea uploader could be modified so that, instead of failing, it looks up the database to find an existing issue. And if it does it would update the issue instead of creating a new one. However this is not currently possible because an information is missing from the database: the foreign identifier that uniquely represents the issue being migrated is not persisted. With this change, the foreign identifier is stored in the database and the Gitea uploader will then be able to run a query to figure out if a given issue being imported already exists.

The implementation of mirroring for issues, pull requests, releases, etc. can be done in three steps:

1. Store an identifier for the element being mirrored (issue, pull request...) in the database (this is the purpose of these changes)
2. Modify the Gitea uploader to be able to update an existing repository with all it contains (issues, pull request...) instead of failing if it exists
3. Optimize the Gitea uploader to speed up the updates, when possible.

The second step creates code that does not yet exist to enable idempotent migrations with the Gitea uploader. When a migration is done for the first time, the behavior is not changed. But when a migration is done for a repository that already exists, this new code is used to update it.

The third step can use the code created in the second step to optimize and speed up migrations. For instance, when a migration is resumed, an issue that has an update time that is not more recent can be skipped and only newly created issues or updated ones will be updated. Another example of optimization could be that a webhook notifies Gitea when an issue is updated. The code triggered by the webhook would download only this issue and call the code created in the second step to update the issue, as if it was in the process of an idempotent migration.

The ForeignReferences table is added to contain local and foreign ID pairs relative to a given repository. It can later be used for pull requests and other artifacts that can be mirrored. Although the foreign id could be added as a single field in issues or pull requests, it would need to be added to all tables that represent something that can be mirrored. Creating a new table makes for a simpler and more generic design. The drawback is that it requires an extra lookup to obtain the information. However, this extra information is only required during migration or mirroring and does not impact the way Gitea currently works.

The foreign identifier of an issue or pull request is similar to the identifier of an external user, which is stored in reactions, issues, etc. as OriginalPosterID and so on. The representation of a user is however different and the ability of users to link their account to an external user at a later time is also a logic that is different from what is involved in mirroring or migrations. For these reasons, despite some commonalities, it is unclear at this time how the two tables (foreign reference and external user) could be merged together.

The ForeignID field is extracted from the issue migration context so that it can be dumped in files with dump-repo and later restored via restore-repo.

The GetAllComments downloader method is introduced to simplify the implementation and not overload the Context for the purpose of pagination. It also clarifies in which context the comments are paginated and in which context they are not.

The Context interface is no longer useful for the purpose of retrieving the LocalID and ForeignID since they are now both available from the PullRequest and Issue struct. The Reviewable and Commentable interfaces replace and serve the same purpose.

The Context data member of PullRequest and Issue becomes a DownloaderContext to clarify that its purpose is not to support in memory operations while the current downloader is acting but is not otherwise persisted. It is, for instance, used by the GitLab downloader to store the IsMergeRequest boolean and sort out issues.

---
[source](https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/36)

Signed-off-by: Loïc Dachary <loic@dachary.org>
Co-authored-by: Loïc Dachary <loic@dachary.org>
2022-03-17 18:08:35 +01:00
techknowlogick 0b15a729cf
rm .sample hooks which aren't used (#19101) 2022-03-16 10:33:07 +00:00
techknowlogick ed1d95c55d
use go1.18 to build gitea (#19099)
* use go1.18 to build gitea& update min go version to 1.17

* bump in a few more places

* add a few simple tests for isipprivate

* update go.mod

* update URL to https://go.dev/dl/

* golangci-lint

* attempt golangci-lint workaround

* change version

* bump fumpt version

* skip strings.title test

* go mod tidy

* update tests as some aren't private??

* update tests
2022-03-16 00:08:31 -04:00
Gusted 6ab4a96855
Update golang.org/x/crypto (#19097)
* Update golang.org/x/crypto

- Update dependency to include fix for CVE.
- See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer

* Fix deprecation notice

* Remove workaround

- Introduced in https://github.com/go-gitea/gitea/pull/17281
- Fixed in x/crypto:
- 5d542ad81a
- & 3147a52a75

* Update Kex Algorithms

- Use standardized name for curve22519-sha256. 9b076918e3
- Prefer SHA256 version over SHA1 version. e4b3678e5f
2022-03-16 02:59:53 +01:00
Lunny Xiao 49db87a035
Fix lfs bug (#19072)
* Fix lfs bug
2022-03-14 16:18:27 +01:00
6543 bc0d2c8ada
RSS/Atom support for Repos (#19055)
* support for repos
* refactor
* advertise the feeds via meta tags
* allow feed suffix and feed header
* optimize performance
2022-03-13 17:40:47 +01:00
zeripath a0db075f21
If rendering has failed due to a net.OpError stop rendering (attempt 2) (#19049)
Unfortunately #18642 does not work because a `*net.OpError` does not implement
the `Is` interface to make `errors.Is` work correctly - thus leading to the
irritating conclusion that a `*net.OpError` is not a `*net.OpError`.

Here we keep the `errors.Is` because presumably this will be fixed at
some point in the golang main source code but also we add a simply type
cast to also check.

Fix #18629

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-10 20:23:15 +00:00
zeripath 75eb6cc9c1
Improve SyncMirrors logging (#19045)
Yet another issue has come up where the logging from SyncMirrors does not provide
enough context. This PR adds more context to these logging events.

Related #19038

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-10 10:09:48 +00:00
zeripath 1314f38b59
fix pam authorization (#19040)
https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb/

Co-authored-by: ysf <34326+ysf@users.noreply.github.com>
2022-03-10 10:00:05 +08:00
zeripath 8ddb5490e8
Don't show context cancelled errors in attribute reader (#19006)
Fix #18997

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 08:30:14 +00:00
singuliere cc643284de
Add Index to comment for migrations and mirroring (#18806)
Comments have an id (see Gitea[0], GitLab[1], GitHub[2], etc.), and the
comment migration format must represent it during migrations so that
it can be used during mirroring or incremental migrations.

[0] https://try.gitea.io/api/swagger#/issue/issueGetComment
[1] https://docs.gitlab.com/ee/api/discussions.html#get-single-issue-discussion-item
[2] https://docs.github.com/en/rest/reference/issues#get-an-issue-comment

Signed-off-by: Loïc Dachary <loic@dachary.org>
Co-authored-by: Loïc Dachary <loic@dachary.org>
2022-03-06 20:00:41 +01:00
Lunny Xiao b24e8d38af
Support ignore all santize for external renderer (#18984)
* Support ignore all santize for external renderer

* Update docs

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

* Fix doc

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: 6543 <6543@obermui.de>
2022-03-06 16:41:54 +08:00
Jimmy Praet 5184c83f6b
Add config option to disable "Update branch by rebase" (#18745) 2022-03-04 03:30:49 -05:00
6543 efd10f1ab4
git backend ignore replace objects (#18979)
* git backend ignore replace objects

* comment
2022-03-02 20:13:19 +00:00
wxiaoguang dd712b77f7
Refactor admin user filter query parameters (#18965)
Only pass `status_filter` on admin page
Use a more general method to pass query parameters, remove hard-coded keys
2022-03-02 16:30:14 +01:00
Otto Richter (fnetX) aee0fa68a7
Fix admin user list pagination (#18957) 2022-03-01 20:21:37 +01:00
Otto Richter (fnetX) 062fd4c217
[API] Allow removing issues (#18879)
Add new feature to delete issues and pulls via API

Co-authored-by: fnetx <git@fralix.ovh>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-03-01 01:20:15 +01:00
René Schaar 6859b69198
Refactor SecToTime() function (#18863)
- Add helper method to reduce redundancy
- Expand the scope from displaying days to years
- Reduce irrelevance by not displaying small units (hours, minutes, seconds) when bigger ones apply (years)
2022-02-28 23:57:20 +01:00
zeripath 4697735c8d
Adjust error for already locked db and prevent level db lock on malformed connstr (#18923)
This PR adjusts the error returned when there is failure to lock the level db, and
permits a connections to the same leveldb where there is a different connection string.

Reference #18921
Reference #18917

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-27 19:45:06 +00:00
Gusted 962725cdbb
Allow adminstrator teams members to see other teams (#18918)
* Allow adminstrator teams to see other teams

- Allow team members with adminstrator access, to view other teams.
- Resolves #18885
2022-02-26 21:12:01 +01:00
Gusted bf2867dec2
Don't treat BOM escape sequence as hidden character. (#18909)
* Don't treat BOM escape sequence as hidden character.

- BOM sequence is a common non-harmfull escape sequence, it shouldn't be
shown as hidden character.
- Follows GitHub's behavior.
- Resolves #18837

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-02-26 16:48:23 +00:00
silverwind fa0e2d60c2
Disable service worker by default (#18914)
The service worker causes a lot of issues with JS errors after instance
upgrades while not bringing any real performance gain over regular HTTP
caching.

Disable it by default for this reason. Maybe later we can remove it
completely, as I simply see no benefit in having it.
2022-02-26 18:14:23 +08:00
Alexander Neumann fd273b05b9
Correctly link URLs to users/repos with dashes, dots or underscores (#18890)
* Add tests for references with dashes

This commit adds tests for full URLs referencing repos names and user
names containing a dash.

* Extend regex to match URLs to repos/users with dashes
2022-02-26 00:26:43 +01:00
singuliere 49cab2b01f
migrations: add test for importing pull requests in gitea uploader (#18752)
* logs: add the buffer logger to inspect logs during testing

Signed-off-by: Loïc Dachary <loic@dachary.org>

* migrations: add test for importing pull requests in gitea uploader

Signed-off-by: Loïc Dachary <loic@dachary.org>

* for each git.OpenRepositoryCtx, call Close

* Content is expected to return the content of the log

* test for errors before defer

Co-authored-by: Loïc Dachary <loic@dachary.org>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-25 17:20:50 +08:00
zeripath f1c6cf7c51
Prevent Stats Indexer reporting error if repo dir missing (#18870)
Repositories missing their directory should not report an error from the stats
indexer.

Close #18847

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-24 23:22:09 -05:00
silverwind 2b9df564b8
Lock gofumpt to v0.3.0 and run it (#18866)
We can't depend on `latest` version of gofumpt because the output will
not be stable across versions. Lock it down to the latest version
released yesterday and run it again.
2022-02-23 20:16:07 +00:00
zeripath 83c9035971
Immediately Hammer if second kill is sent (#18823)
Currently Gitea will wait for HammerTime or nice shutdown if kill -1 or kill -2
is sent. We should just immediately hammer if there is a second kill.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-19 16:36:25 +00:00
zeripath 4b3ebda0e7
Fix panic in EscapeReader (#18820)
There is a potential panic due to a mistaken resetting of the length parameter when
multibyte characters go over a read boundary.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-19 15:25:31 +00:00
Lunny Xiao a7b9d44d88
Fix problem when self-assign notification (#18797) 2022-02-18 14:06:57 +08:00
Ghanem 185646723c
Fix redirect when using lowercase reponame (#18775)
* Previously,  `GET {username}/{reponame}/raw///file-path` (the middle two slashes are blank to get the default branch) when the repo name has uppercase letters, e.g., https://try.gitea.io/AbdulrhmnGhanem/CH330_Hardware, using a lowercase version of the name redirected to the correct URL
* In other words both
   * `GET https://try.gitea.io/AbdulrhmnGhanem/CH330_Hardware/raw///images/back.png`
   * `GET https://try.gitea.io/AbdulrhmnGhanem/ch330_hardware/raw///images/back.png`
were redirecting to ` GET https://try.gitea.io/AbdulrhmnGhanem/CH330_Hardware/raw/branch/master/images/back.png`
This isn't the case after  #17551. Specifically because of this [line](cbd5eecd14/modules/context/repo.go (L860)).
2022-02-18 00:11:27 +08:00
René Schaar 609c91665e
Fix display time of milestones (#18753)
* Fix display time of milestones

* Move the SecToTime function

From the models/issue_stopwatch.go file to the modules/util package

* Rename the sec_to_time file

* Updated formatting

* Include copyright notice in sec_to_time.go

* Apply PR review suggestions

- Update copyright notice dates to 2022
- Change `1 day 3h 5min 7s` to `1d 3h 5m 7s`

* Rename hrs var and combine conditions

* Update unit tests to match new time pattern

Changed `1min` to `1m`

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-16 00:50:10 +08:00
zeripath 4482f62a26
Prevent dangling GetAttribute calls (#18754)
It appears possible that there could be a hang due to unread data from the
repo-attribute command pipes. This PR simply closes these during the defer.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-14 18:03:56 +01:00
Lunny Xiao 1b1658d887
Fix isempty detection of git repository (#18746)
* Fix isempty detection of git repository

* Fix IsEmpty check
2022-02-14 00:01:23 +08:00
flozzone a39287cd4e
Send mail to issue/pr assignee/reviewer also when OnMention is set (#18707)
I want to address #17892, where emails notifications are not sent to assignees (issue and PR) and reviewers (PR) when they have the email setting Only email on mention enabled.

From the user experience perspective, when a user gets a issue/PR assigned or a PR review request, he/she would expect to be implicitly mentioned since the assignment or request is personal and targeting a single person only. Thus I see #17892 as a bug. Could we therefore mark this ticket as such?

The changed code just explicitly checks for the EmailNotificationsOnMention setting beside the existing EmailNotificationsEnabled check. Too rude?

@lunny mentioned a mock mail server for tests, is there something ready. How could I make use of it?

#12774 (comment)

Fix #17892
2022-02-12 07:17:34 +00:00
zeripath 4e57bd1d30
Add number in queue status to monitor page (#18712)
Add number in queue status to the monitor page so that administrators can
assess how much work is left to be done in the queues.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-02-12 13:31:26 +08:00
Lunny Xiao e0688995ef
Display template path of current page in dev mode (#18717)
* Display template path of current page in dev mode

* improve code

* Update templates/base/footer_content.tmpl

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2022-02-12 01:08:22 +08:00
Martin Scholz 26718a785a
Change git.cmd to RunWithContext (#18693)
Change all `cmd...Pipeline` commands to `cmd.RunWithContext`.

#18553

Co-authored-by: Martin Scholz <martin.scholz@versasec.com>
2022-02-11 13:47:22 +01:00
Gusted 581d29ec1d
Update SSH Server crypto settings (#18697)
- Use a better and more curated list of Ciphers and KeyExchanges, these roughly follows OpenSSH's default.
- Remove some cryptography values which were deprecated.
2022-02-10 17:04:16 +01:00
zeripath eb748f5f3c
Add apply-patch, basic revert and cherry-pick functionality (#17902)
This code adds a simple endpoint to apply patches to repositories and
branches on gitea. This is then used along with the conflicting checking
code in #18004 to provide a basic implementation of cherry-pick revert.

Now because the buttons necessary for cherry-pick and revert have 
required us to create a dropdown next to the Browse Source button
I've also implemented Create Branch and Create Tag operations.

Fix #3880 
Fix #17986 

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-09 20:28:55 +00:00
zeripath 2f76608221
Prevent security failure due to bad APP_ID (#18678)
WebAuthn may cause a security exception if the provided APP_ID is not allowed for the
current origin. Therefore we should reattempt authentication without the appid
extension.

Also we should allow [u2f] as-well as [U2F] sections.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-09 15:37:58 +08:00
zeripath f8b21ac04a
Simplify Boost/Pause logic (#18673)
* Simplify Boost/Pause logic

#18658 has added a check to see if we need to boost because there is still work to do
however the check is slightly complex and not ideal. There's no point boosting if
the queue is paused or can't scale. Therefore merge the two selects into one and add
a check to p.paused.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* And on resume add a zeroboost if necessary

Signed-off-by: Andrew Thornton <art27@cantab.net>

* simplify

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-02-08 13:53:34 -05:00
zeripath df44017328
Restart zero worker if there is still work to do (#18658)
* Restart zero worker if there is still work to do

It is possible for the zero worker to timeout before all the work is finished.
This may mean that work may take a long time to complete because a worker will only
be induced on repushing.

Also ensure that requested count is reset after pulls and push mirror sync requests and add some more trace logging to the queue push.

Fix #18607

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-08 14:02:32 +00:00
Cristian Le 60f203385e
Support custom ACME provider (#18340)
* Added ACMECAURL option to support custom ACME provider. Closes #18306
* Refactor setting.go https settings, renamed options and variables, and documented app.example.ini
* Refactored runLetsEncrypt to runACME
* Improved documentation
2022-02-08 13:45:35 +08:00
wxiaoguang a60e8be8d1
Refactor i18n, use Locale to provide i18n/translation related functions (#18648)
* remove unnecessary web context data fields, and unify the i18n/translation related functions to `Locale`
* in development, show an error if a translation key is missing
* remove the unnecessary loops `for _, lang := range translation.AllLangs()` for every request, which improves the performance slightly
* use `ctx.Locale.Language()` instead of `ctx.Data["Lang"].(string)`
* add more comments about how the Locale/LangType fields are used
2022-02-08 11:02:30 +08:00
Gusted 7b25a010c8
Only request write when necessary (#18657)
* Only request write when necessary

- Only request write for `INTERNAL_TOKEN_URI` when no token was found.
- Resolves #18655

* Fix perm

* Update setting.go

* Update setting.go

* Update setting.go

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-02-08 09:34:37 +08:00
Clar Fon 99d14f6051
Add separate SSH_USER config option (#17584)
Co-authored-by: zeripath <art27@cantab.net>
2022-02-07 16:56:45 -05:00
wxiaoguang c2a3e38194
Fix the missing i18n key for update checker (#18646) 2022-02-07 15:43:53 +08:00
zeripath a6e657e999
If rendering has failed due to a net.OpError stop rendering (#18642)
When a net.OpError occurs during rendering the underlying connection is essentially
dead and therefore attempting to render further data will only cause further errors.

Therefore in serverErrorInternal detect if the passed in error is an OpError and
if so do not attempt any further rendering.

Fix #18629

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-06 20:28:25 +01:00
6543 3043eb36bf
Delete old git.NewCommand() and use it as git.NewCommandContext() (#18552) 2022-02-06 20:01:47 +01:00
zeripath 9419dd2b62
Stop logging an error when notes are not found (#18626)
This is an unnecessary logging event.

Fix #18616

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-06 15:11:35 +08:00
zeripath 7ba1b7112f
Only attempt to flush queue if the underlying worker pool is not finished (#18593)
* Only attempt to flush queue if the underlying worker pool is not finished

There is a possible race whereby a worker pool could be cancelled but yet the
underlying queue is not empty. This will lead to flush-all cycling because it
cannot empty the pool.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: Gusted <williamzijl7@hotmail.com>

Co-authored-by: Gusted <williamzijl7@hotmail.com>
2022-02-05 20:51:25 +00:00
Gusted aa23f477b7
Use `CryptoRandomBytes` instead of `CryptoRandomString` (#18439)
- Switch to use `CryptoRandomBytes` instead of `CryptoRandomString`, OAuth's secrets are copied pasted and don't need to avoid dubious characters etc.
- `CryptoRandomBytes` gives ![2^256 = 1.15 * 10^77](https://render.githubusercontent.com/render/math?math=2^256%20=%201.15%20\cdot%2010^77) `CryptoRandomString` gives ![62^44 = 7.33 * 10^78](https://render.githubusercontent.com/render/math?math=62^44%20=%207.33%20\cdot%2010^78) possible states.
- Add a prefix, such that code scanners can easily grep these in source code.
- 32 Bytes + prefix
2022-02-04 18:03:15 +01:00
zeripath 76e3111596
Collaborator trust model should trust collaborators (#18539)
* Collaborator trust model should trust collaborators

There was an unintended regression in #17917 which leads to only
repository admin commits being trusted. This PR restores the old logic.

Fix #18501

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-02 11:10:06 +01:00
Gusted d3b31cc1ee
Add `GetUserTeams` (#18499)
* COrrect use `UserID` in `SearchTeams`

- Use `UserID` in the `SearchTeams` function, currently it was useless
to pass such information. Now it does a INNER statement to `team_user`
which obtains UserID -> TeamID data.
- Make OrgID optional.
- Resolves #18484

* Seperate searching specific user

* Add condition back

* Use correct struct type

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-02-01 14:09:24 -05:00
singuliere 367894adc8
add test coverage for original author conversion during migrations (#18506)
* add test coverage for original author conversion during migrations

And create a function to factorize a code snippet that is repeated
five times and would otherwise be more difficult to test and maintain
consistently.

Signed-off-by: Loïc Dachary <loic@dachary.org>

* fix variable scope and int64 formatting

* add missing calls to remapExternalUser and fix misplaced %d

Co-authored-by: Loïc Dachary <loic@dachary.org>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-02-01 13:20:28 -05:00
6543 6f6b8491da
add gitea-fmt back (#18526) 2022-02-01 12:43:09 -05:00