0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-11-25 11:22:50 +01:00
gitea/go.mod

307 lines
14 KiB
Modula-2
Raw Normal View History

module code.gitea.io/gitea
go 1.18
require (
code.gitea.io/gitea-vet v0.2.2-0.20220122151748-48ebc902541b
code.gitea.io/sdk/gitea v0.15.1
codeberg.org/gusted/mcaptcha v0.0.0-20220722211632-55c1ffff1222
gitea.com/go-chi/binding v0.0.0-20220309004920-114340dabecb
gitea.com/go-chi/cache v0.2.0
2021-10-14 04:50:23 +02:00
gitea.com/go-chi/captcha v0.0.0-20211013065431-70641c1a35d5
gitea.com/go-chi/session v0.0.0-20211218221615-e3605d8b28b8
gitea.com/lunny/levelqueue v0.4.2-0.20220729054728-f020868cc2f7
github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
Move macaron to chi (#14293) Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
2021-01-26 16:36:53 +01:00
github.com/NYTimes/gziphandler v1.1.1
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/PuerkitoBio/goquery v1.8.0
2022-01-20 10:59:15 +01:00
github.com/alecthomas/chroma v0.10.0
github.com/blevesearch/bleve/v2 v2.3.2
github.com/buildkite/terminal-to-html/v3 v3.6.1
github.com/caddyserver/certmagic v0.16.1
github.com/chi-middleware/proxy v1.1.1
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/denisenkom/go-mssqldb v0.12.0
github.com/djherbis/buffer v1.2.0
github.com/djherbis/nio/v3 v3.0.1
github.com/duo-labs/webauthn v0.0.0-20220330035159-03696f3d4499
github.com/dustin/go-humanize v1.0.0
github.com/editorconfig/editorconfig-core-go/v2 v2.4.4
github.com/emirpasic/gods v1.18.1
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/ethantkoenig/rupture v1.0.1
github.com/felixge/fgprof v0.9.2
github.com/fsnotify/fsnotify v1.5.4
github.com/gliderlabs/ssh v0.3.4
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133) * go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency go get github.com/go-fed/activity/streams@master go get github.com/go-fed/activity/pub@master go get github.com/go-fed/httpsig@master * activitypub: implement /api/v1/activitypub/user/{username} (#14186) Return informations regarding a Person (as defined in ActivityStreams https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person). Refs: https://github.com/go-gitea/gitea/issues/14186 Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: add the public key to Person (#14186) Refs: https://github.com/go-gitea/gitea/issues/14186 Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: go-fed conformant Clock instance Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: signing http client Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: implement the ReqSignature middleware Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: hack_16834 Signed-off-by: Loïc Dachary <loic@dachary.org> * Fix CI checks-backend errors with go mod tidy Signed-off-by: Anthony Wang <ta180m@pm.me> * Change 2021 to 2022, properly format package imports Signed-off-by: Anthony Wang <ta180m@pm.me> * Run make fmt and make generate-swagger Signed-off-by: Anthony Wang <ta180m@pm.me> * Use Gitea JSON library, add assert for pkp Signed-off-by: Anthony Wang <ta180m@pm.me> * Run make fmt again, fix err var redeclaration Signed-off-by: Anthony Wang <ta180m@pm.me> * Remove LogSQL from ActivityPub person test Signed-off-by: Anthony Wang <ta180m@pm.me> * Assert if json.Unmarshal succeeds Signed-off-by: Anthony Wang <ta180m@pm.me> * Cleanup, handle invalid usernames for ActivityPub person GET request Signed-off-by: Anthony Wang <ta180m@pm.me> * Rename hack_16834 to user_settings Signed-off-by: Anthony Wang <ta180m@pm.me> * Use the httplib module instead of http for GET requests * Clean up whitespace with make fmt * Use time.RFC1123 and make the http.Client proxy-aware * Check if digest algo is supported in setting module * Clean up some variable declarations * Remove unneeded copy * Use system timezone instead of setting.DefaultUILocation * Use named constant for httpsigExpirationTime * Make pubKey IRI #main-key instead of /#main-key * Move /#main-key to #main-key in tests * Implemented Webfinger endpoint. * Add visible check. * Add user profile as alias. * Add actor IRI and remote interaction URL to WebFinger response * fmt * Fix lint errors * Use go-ap instead of go-fed * Run go mod tidy to fix missing modules in go.mod and go.sum * make fmt * Convert remaining code to go-ap * Clean up go.sum * Fix JSON unmarshall error * Fix CI errors by adding @context to Person() and making sure types match * Correctly decode JSON in api_activitypub_person_test.go * Force CI rerun * Fix TestActivityPubPersonInbox segfault * Fix lint error * Use @mariusor's suggestions for idiomatic go-ap usage * Correctly add inbox/outbox IRIs to person * Code cleanup * Remove another LogSQL from ActivityPub person test * Move httpsig algos slice to an init() function * Add actor IRI and remote interaction URL to WebFinger response * Update TestWebFinger to check for ActivityPub IRI in aliases * make fmt * Force CI rerun * WebFinger: Add CORS header and fix Href -> Template for remote interactions The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues * make lint-backend * Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon Setting the correct Content-Type is essential for federating with Mastodon * Use UTC instead of GMT * Rename pkey to pubKey * Make sure HTTP request Date in GMT * make fmt * dont drop err * Make sure API responses always refer to username in original case Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused. * Move httpsig algs constant slice to modules/setting/federation.go * Add new federation settings to app.example.ini and config-cheat-sheet * Return if marshalling error * Make sure Person IRIs are generated correctly This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL. * If httpsig verification fails, fix Host header and try again This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug. * Revert "If httpsig verification fails, fix Host header and try again" This reverts commit f53e46c721a037c55facb9200106a6b491bf834c. The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea. * Go back to using ap.IRI to generate inbox and outbox IRIs * use const for key values * Update routers/web/webfinger.go * Use ctx.JSON in Person response to make code cleaner * Revert "Use ctx.JSON in Person response to make code cleaner" This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers. This reverts commit 95aad988975be3393c76094864ed6ba962157e0c. * Use activitypub.ActivityStreamsContentType for Person response Content Type * Limit maximum ActivityPub request and response sizes to a configurable setting * Move setting key constants to models/user/setting_keys.go * Fix failing ActivityPubPerson integration test by checking the correct field for username * Add a warning about changing settings that can break federation * Add better comments * Don't multiply Federation.MaxSize by 1<<20 twice * Add more better comments * Fix failing ActivityPubMissingPerson test We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different * make generate-swagger For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦 * Move getting the RFC 2616 time to a separate function * More code cleanup * Update go-ap to fix empty liked collection and removed unneeded HTTP headers * go mod tidy * Add ed25519 to httpsig algorithms * Use go-ap/jsonld to add @context and marshal JSON * Change Gitea user agent from the default to Gitea/Version * Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 07:25:12 +02:00
github.com/go-ap/activitypub v0.0.0-20220615144428-48208c70483b
github.com/go-ap/jsonld v0.0.0-20220615144122-1d862b15410d
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/go-chi/chi/v5 v5.0.7
github.com/go-chi/cors v1.2.1
github.com/go-enry/go-enry/v2 v2.8.2
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133) * go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency go get github.com/go-fed/activity/streams@master go get github.com/go-fed/activity/pub@master go get github.com/go-fed/httpsig@master * activitypub: implement /api/v1/activitypub/user/{username} (#14186) Return informations regarding a Person (as defined in ActivityStreams https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person). Refs: https://github.com/go-gitea/gitea/issues/14186 Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: add the public key to Person (#14186) Refs: https://github.com/go-gitea/gitea/issues/14186 Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: go-fed conformant Clock instance Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: signing http client Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: implement the ReqSignature middleware Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: hack_16834 Signed-off-by: Loïc Dachary <loic@dachary.org> * Fix CI checks-backend errors with go mod tidy Signed-off-by: Anthony Wang <ta180m@pm.me> * Change 2021 to 2022, properly format package imports Signed-off-by: Anthony Wang <ta180m@pm.me> * Run make fmt and make generate-swagger Signed-off-by: Anthony Wang <ta180m@pm.me> * Use Gitea JSON library, add assert for pkp Signed-off-by: Anthony Wang <ta180m@pm.me> * Run make fmt again, fix err var redeclaration Signed-off-by: Anthony Wang <ta180m@pm.me> * Remove LogSQL from ActivityPub person test Signed-off-by: Anthony Wang <ta180m@pm.me> * Assert if json.Unmarshal succeeds Signed-off-by: Anthony Wang <ta180m@pm.me> * Cleanup, handle invalid usernames for ActivityPub person GET request Signed-off-by: Anthony Wang <ta180m@pm.me> * Rename hack_16834 to user_settings Signed-off-by: Anthony Wang <ta180m@pm.me> * Use the httplib module instead of http for GET requests * Clean up whitespace with make fmt * Use time.RFC1123 and make the http.Client proxy-aware * Check if digest algo is supported in setting module * Clean up some variable declarations * Remove unneeded copy * Use system timezone instead of setting.DefaultUILocation * Use named constant for httpsigExpirationTime * Make pubKey IRI #main-key instead of /#main-key * Move /#main-key to #main-key in tests * Implemented Webfinger endpoint. * Add visible check. * Add user profile as alias. * Add actor IRI and remote interaction URL to WebFinger response * fmt * Fix lint errors * Use go-ap instead of go-fed * Run go mod tidy to fix missing modules in go.mod and go.sum * make fmt * Convert remaining code to go-ap * Clean up go.sum * Fix JSON unmarshall error * Fix CI errors by adding @context to Person() and making sure types match * Correctly decode JSON in api_activitypub_person_test.go * Force CI rerun * Fix TestActivityPubPersonInbox segfault * Fix lint error * Use @mariusor's suggestions for idiomatic go-ap usage * Correctly add inbox/outbox IRIs to person * Code cleanup * Remove another LogSQL from ActivityPub person test * Move httpsig algos slice to an init() function * Add actor IRI and remote interaction URL to WebFinger response * Update TestWebFinger to check for ActivityPub IRI in aliases * make fmt * Force CI rerun * WebFinger: Add CORS header and fix Href -> Template for remote interactions The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues * make lint-backend * Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon Setting the correct Content-Type is essential for federating with Mastodon * Use UTC instead of GMT * Rename pkey to pubKey * Make sure HTTP request Date in GMT * make fmt * dont drop err * Make sure API responses always refer to username in original case Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused. * Move httpsig algs constant slice to modules/setting/federation.go * Add new federation settings to app.example.ini and config-cheat-sheet * Return if marshalling error * Make sure Person IRIs are generated correctly This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL. * If httpsig verification fails, fix Host header and try again This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug. * Revert "If httpsig verification fails, fix Host header and try again" This reverts commit f53e46c721a037c55facb9200106a6b491bf834c. The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea. * Go back to using ap.IRI to generate inbox and outbox IRIs * use const for key values * Update routers/web/webfinger.go * Use ctx.JSON in Person response to make code cleaner * Revert "Use ctx.JSON in Person response to make code cleaner" This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers. This reverts commit 95aad988975be3393c76094864ed6ba962157e0c. * Use activitypub.ActivityStreamsContentType for Person response Content Type * Limit maximum ActivityPub request and response sizes to a configurable setting * Move setting key constants to models/user/setting_keys.go * Fix failing ActivityPubPerson integration test by checking the correct field for username * Add a warning about changing settings that can break federation * Add better comments * Don't multiply Federation.MaxSize by 1<<20 twice * Add more better comments * Fix failing ActivityPubMissingPerson test We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different * make generate-swagger For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦 * Move getting the RFC 2616 time to a separate function * More code cleanup * Update go-ap to fix empty liked collection and removed unneeded HTTP headers * go mod tidy * Add ed25519 to httpsig algorithms * Use go-ap/jsonld to add @context and marshal JSON * Change Gitea user agent from the default to Gitea/Version * Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 07:25:12 +02:00
github.com/go-fed/httpsig v1.1.1-0.20201223112313-55836744818e
github.com/go-git/go-billy/v5 v5.3.1
github.com/go-git/go-git/v5 v5.4.3-0.20210630082519-b4368b2a2ca4
github.com/go-ldap/ldap/v3 v3.4.3
github.com/go-redis/redis/v8 v8.11.5
github.com/go-sql-driver/mysql v1.6.0
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/go-swagger/go-swagger v0.29.0
github.com/go-testfixtures/testfixtures/v3 v3.6.1
github.com/gobwas/glob v0.2.3
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14
2021-02-01 05:49:25 +01:00
github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
github.com/golang-jwt/jwt/v4 v4.4.1
github.com/google/go-github/v45 v45.0.0
github.com/google/pprof v0.0.0-20220509035851-59ca7ad80af3
github.com/google/uuid v1.3.0
github.com/gorilla/feeds v1.1.1
github.com/gorilla/sessions v1.2.1
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/hashicorp/go-version v1.4.0
github.com/hashicorp/golang-lru v0.5.4
github.com/huandu/xstrings v1.3.2
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/jaytaylor/html2text v0.0.0-20211105163654-bc68cce691ba
github.com/json-iterator/go v1.1.12
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
github.com/keybase/go-crypto v0.0.0-20200123153347-de78d2cb44f4
github.com/klauspost/compress v1.15.3
github.com/klauspost/cpuid/v2 v2.0.12
github.com/lib/pq v1.10.5
github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
github.com/markbates/goth v1.72.0
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/mattn/go-isatty v0.0.14
github.com/mattn/go-sqlite3 v1.14.12
github.com/mholt/archiver/v3 v3.5.1
github.com/microcosm-cc/bluemonday v1.0.19
github.com/minio/minio-go/v7 v7.0.26
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/msteinert/pam v1.0.0
github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/niklasfasching/go-org v1.6.2
github.com/oliamb/cutter v0.2.2
github.com/olivere/elastic/v7 v7.0.32
github.com/pkg/errors v0.9.1
github.com/pquerna/otp v1.3.0
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/prometheus/client_golang v1.12.1
github.com/quasoft/websspi v1.1.2
github.com/santhosh-tekuri/jsonschema/v5 v5.0.0
github.com/sergi/go-diff v1.2.0
github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546
github.com/stretchr/testify v1.7.1
github.com/syndtr/goleveldb v1.0.0
github.com/tstranex/u2f v1.0.0
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/unrolled/render v1.4.1
github.com/urfave/cli v1.22.9
github.com/xanzy/go-gitlab v0.64.0
github.com/yohcop/openid-go v1.0.0
github.com/yuin/goldmark v1.4.13
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594
github.com/yuin/goldmark-meta v1.1.0
go.jolheiser.com/hcaptcha v0.0.4
go.jolheiser.com/pwn v0.0.3
golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122
golang.org/x/net v0.0.0-20220630215102-69896b714898
golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
golang.org/x/text v0.3.7
golang.org/x/tools v0.1.10
gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
gopkg.in/ini.v1 v1.66.4
gopkg.in/yaml.v2 v2.4.0
bump go deps (#19021) * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 12:15:30 +01:00
mvdan.cc/xurls/v2 v2.4.0
strk.kbt.io/projects/go/libravatar v0.0.0-20191008002943-06d1c002b251
xorm.io/builder v0.3.11
xorm.io/xorm v1.3.2-0.20220714055524-c3bce556200f
)
require (
cloud.google.com/go v0.99.0 // indirect
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133) * go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency go get github.com/go-fed/activity/streams@master go get github.com/go-fed/activity/pub@master go get github.com/go-fed/httpsig@master * activitypub: implement /api/v1/activitypub/user/{username} (#14186) Return informations regarding a Person (as defined in ActivityStreams https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person). Refs: https://github.com/go-gitea/gitea/issues/14186 Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: add the public key to Person (#14186) Refs: https://github.com/go-gitea/gitea/issues/14186 Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: go-fed conformant Clock instance Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: signing http client Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: implement the ReqSignature middleware Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: hack_16834 Signed-off-by: Loïc Dachary <loic@dachary.org> * Fix CI checks-backend errors with go mod tidy Signed-off-by: Anthony Wang <ta180m@pm.me> * Change 2021 to 2022, properly format package imports Signed-off-by: Anthony Wang <ta180m@pm.me> * Run make fmt and make generate-swagger Signed-off-by: Anthony Wang <ta180m@pm.me> * Use Gitea JSON library, add assert for pkp Signed-off-by: Anthony Wang <ta180m@pm.me> * Run make fmt again, fix err var redeclaration Signed-off-by: Anthony Wang <ta180m@pm.me> * Remove LogSQL from ActivityPub person test Signed-off-by: Anthony Wang <ta180m@pm.me> * Assert if json.Unmarshal succeeds Signed-off-by: Anthony Wang <ta180m@pm.me> * Cleanup, handle invalid usernames for ActivityPub person GET request Signed-off-by: Anthony Wang <ta180m@pm.me> * Rename hack_16834 to user_settings Signed-off-by: Anthony Wang <ta180m@pm.me> * Use the httplib module instead of http for GET requests * Clean up whitespace with make fmt * Use time.RFC1123 and make the http.Client proxy-aware * Check if digest algo is supported in setting module * Clean up some variable declarations * Remove unneeded copy * Use system timezone instead of setting.DefaultUILocation * Use named constant for httpsigExpirationTime * Make pubKey IRI #main-key instead of /#main-key * Move /#main-key to #main-key in tests * Implemented Webfinger endpoint. * Add visible check. * Add user profile as alias. * Add actor IRI and remote interaction URL to WebFinger response * fmt * Fix lint errors * Use go-ap instead of go-fed * Run go mod tidy to fix missing modules in go.mod and go.sum * make fmt * Convert remaining code to go-ap * Clean up go.sum * Fix JSON unmarshall error * Fix CI errors by adding @context to Person() and making sure types match * Correctly decode JSON in api_activitypub_person_test.go * Force CI rerun * Fix TestActivityPubPersonInbox segfault * Fix lint error * Use @mariusor's suggestions for idiomatic go-ap usage * Correctly add inbox/outbox IRIs to person * Code cleanup * Remove another LogSQL from ActivityPub person test * Move httpsig algos slice to an init() function * Add actor IRI and remote interaction URL to WebFinger response * Update TestWebFinger to check for ActivityPub IRI in aliases * make fmt * Force CI rerun * WebFinger: Add CORS header and fix Href -> Template for remote interactions The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues * make lint-backend * Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon Setting the correct Content-Type is essential for federating with Mastodon * Use UTC instead of GMT * Rename pkey to pubKey * Make sure HTTP request Date in GMT * make fmt * dont drop err * Make sure API responses always refer to username in original case Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused. * Move httpsig algs constant slice to modules/setting/federation.go * Add new federation settings to app.example.ini and config-cheat-sheet * Return if marshalling error * Make sure Person IRIs are generated correctly This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL. * If httpsig verification fails, fix Host header and try again This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug. * Revert "If httpsig verification fails, fix Host header and try again" This reverts commit f53e46c721a037c55facb9200106a6b491bf834c. The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea. * Go back to using ap.IRI to generate inbox and outbox IRIs * use const for key values * Update routers/web/webfinger.go * Use ctx.JSON in Person response to make code cleaner * Revert "Use ctx.JSON in Person response to make code cleaner" This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers. This reverts commit 95aad988975be3393c76094864ed6ba962157e0c. * Use activitypub.ActivityStreamsContentType for Person response Content Type * Limit maximum ActivityPub request and response sizes to a configurable setting * Move setting key constants to models/user/setting_keys.go * Fix failing ActivityPubPerson integration test by checking the correct field for username * Add a warning about changing settings that can break federation * Add better comments * Don't multiply Federation.MaxSize by 1<<20 twice * Add more better comments * Fix failing ActivityPubMissingPerson test We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different * make generate-swagger For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦 * Move getting the RFC 2616 time to a separate function * More code cleanup * Update go-ap to fix empty liked collection and removed unneeded HTTP headers * go mod tidy * Add ed25519 to httpsig algorithms * Use go-ap/jsonld to add @context and marshal JSON * Change Gitea user agent from the default to Gitea/Version * Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 07:25:12 +02:00
git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20200411073322-f0bcc40f0bf2 // indirect
github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e // indirect
github.com/Microsoft/go-winio v0.5.2 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20220407094043-a94812496cf5 // indirect
github.com/PuerkitoBio/purell v1.1.1 // indirect
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/RoaringBitmap/roaring v0.9.4 // indirect
github.com/acomagu/bufpipe v1.0.3 // indirect
github.com/andybalholm/brotli v1.0.4 // indirect
github.com/andybalholm/cascadia v1.3.1 // indirect
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
github.com/aymerick/douceur v0.2.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bgentry/speakeasy v0.1.0 // indirect
github.com/bits-and-blooms/bitset v1.2.2 // indirect
github.com/blevesearch/bleve_index_api v1.0.1 // indirect
github.com/blevesearch/go-porterstemmer v1.0.3 // indirect
github.com/blevesearch/gtreap v0.1.1 // indirect
github.com/blevesearch/mmap-go v1.0.3 // indirect
github.com/blevesearch/scorch_segment_api/v2 v2.1.0 // indirect
github.com/blevesearch/segment v0.9.0 // indirect
github.com/blevesearch/snowballstem v0.9.0 // indirect
github.com/blevesearch/upsidedown_store_api v1.0.1 // indirect
github.com/blevesearch/vellum v1.0.7 // indirect
github.com/blevesearch/zapx/v11 v11.3.3 // indirect
github.com/blevesearch/zapx/v12 v12.3.3 // indirect
github.com/blevesearch/zapx/v13 v13.3.3 // indirect
github.com/blevesearch/zapx/v14 v14.3.3 // indirect
github.com/blevesearch/zapx/v15 v15.3.3 // indirect
github.com/boombuler/barcode v1.0.1 // indirect
github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b // indirect
github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/cloudflare/cfssl v1.6.1 // indirect
github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4 // indirect
github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490 // indirect
github.com/coreos/go-semver v0.3.0 // indirect
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
github.com/couchbase/go-couchbase v0.0.0-20210224140812-5740cd35f448 // indirect
github.com/couchbase/gomemcached v0.1.2 // indirect
github.com/couchbase/goutils v0.0.0-20210118111533-e33d3ffb5401 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
github.com/dlclark/regexp2 v1.4.0 // indirect
github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
github.com/envoyproxy/go-control-plane v0.10.1 // indirect
github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect
github.com/felixge/httpsnoop v1.0.2 // indirect
github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
github.com/fullstorydev/grpcurl v1.8.1 // indirect
github.com/fxamacker/cbor/v2 v2.4.0 // indirect
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133) * go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency go get github.com/go-fed/activity/streams@master go get github.com/go-fed/activity/pub@master go get github.com/go-fed/httpsig@master * activitypub: implement /api/v1/activitypub/user/{username} (#14186) Return informations regarding a Person (as defined in ActivityStreams https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person). Refs: https://github.com/go-gitea/gitea/issues/14186 Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: add the public key to Person (#14186) Refs: https://github.com/go-gitea/gitea/issues/14186 Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: go-fed conformant Clock instance Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: signing http client Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: implement the ReqSignature middleware Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: hack_16834 Signed-off-by: Loïc Dachary <loic@dachary.org> * Fix CI checks-backend errors with go mod tidy Signed-off-by: Anthony Wang <ta180m@pm.me> * Change 2021 to 2022, properly format package imports Signed-off-by: Anthony Wang <ta180m@pm.me> * Run make fmt and make generate-swagger Signed-off-by: Anthony Wang <ta180m@pm.me> * Use Gitea JSON library, add assert for pkp Signed-off-by: Anthony Wang <ta180m@pm.me> * Run make fmt again, fix err var redeclaration Signed-off-by: Anthony Wang <ta180m@pm.me> * Remove LogSQL from ActivityPub person test Signed-off-by: Anthony Wang <ta180m@pm.me> * Assert if json.Unmarshal succeeds Signed-off-by: Anthony Wang <ta180m@pm.me> * Cleanup, handle invalid usernames for ActivityPub person GET request Signed-off-by: Anthony Wang <ta180m@pm.me> * Rename hack_16834 to user_settings Signed-off-by: Anthony Wang <ta180m@pm.me> * Use the httplib module instead of http for GET requests * Clean up whitespace with make fmt * Use time.RFC1123 and make the http.Client proxy-aware * Check if digest algo is supported in setting module * Clean up some variable declarations * Remove unneeded copy * Use system timezone instead of setting.DefaultUILocation * Use named constant for httpsigExpirationTime * Make pubKey IRI #main-key instead of /#main-key * Move /#main-key to #main-key in tests * Implemented Webfinger endpoint. * Add visible check. * Add user profile as alias. * Add actor IRI and remote interaction URL to WebFinger response * fmt * Fix lint errors * Use go-ap instead of go-fed * Run go mod tidy to fix missing modules in go.mod and go.sum * make fmt * Convert remaining code to go-ap * Clean up go.sum * Fix JSON unmarshall error * Fix CI errors by adding @context to Person() and making sure types match * Correctly decode JSON in api_activitypub_person_test.go * Force CI rerun * Fix TestActivityPubPersonInbox segfault * Fix lint error * Use @mariusor's suggestions for idiomatic go-ap usage * Correctly add inbox/outbox IRIs to person * Code cleanup * Remove another LogSQL from ActivityPub person test * Move httpsig algos slice to an init() function * Add actor IRI and remote interaction URL to WebFinger response * Update TestWebFinger to check for ActivityPub IRI in aliases * make fmt * Force CI rerun * WebFinger: Add CORS header and fix Href -> Template for remote interactions The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues * make lint-backend * Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon Setting the correct Content-Type is essential for federating with Mastodon * Use UTC instead of GMT * Rename pkey to pubKey * Make sure HTTP request Date in GMT * make fmt * dont drop err * Make sure API responses always refer to username in original case Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused. * Move httpsig algs constant slice to modules/setting/federation.go * Add new federation settings to app.example.ini and config-cheat-sheet * Return if marshalling error * Make sure Person IRIs are generated correctly This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL. * If httpsig verification fails, fix Host header and try again This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug. * Revert "If httpsig verification fails, fix Host header and try again" This reverts commit f53e46c721a037c55facb9200106a6b491bf834c. The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea. * Go back to using ap.IRI to generate inbox and outbox IRIs * use const for key values * Update routers/web/webfinger.go * Use ctx.JSON in Person response to make code cleaner * Revert "Use ctx.JSON in Person response to make code cleaner" This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers. This reverts commit 95aad988975be3393c76094864ed6ba962157e0c. * Use activitypub.ActivityStreamsContentType for Person response Content Type * Limit maximum ActivityPub request and response sizes to a configurable setting * Move setting key constants to models/user/setting_keys.go * Fix failing ActivityPubPerson integration test by checking the correct field for username * Add a warning about changing settings that can break federation * Add better comments * Don't multiply Federation.MaxSize by 1<<20 twice * Add more better comments * Fix failing ActivityPubMissingPerson test We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different * make generate-swagger For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦 * Move getting the RFC 2616 time to a separate function * More code cleanup * Update go-ap to fix empty liked collection and removed unneeded HTTP headers * go mod tidy * Add ed25519 to httpsig algorithms * Use go-ap/jsonld to add @context and marshal JSON * Change Gitea user agent from the default to Gitea/Version * Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 07:25:12 +02:00
github.com/go-ap/errors v0.0.0-20220615144307-e8bc4a40ae9f // indirect
github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
github.com/go-enry/go-oniguruma v1.2.1 // indirect
github.com/go-git/gcfg v1.5.0 // indirect
github.com/go-openapi/analysis v0.21.2 // indirect
github.com/go-openapi/errors v0.20.2 // indirect
github.com/go-openapi/inflect v0.19.0 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.19.6 // indirect
github.com/go-openapi/loads v0.21.0 // indirect
github.com/go-openapi/runtime v0.21.1 // indirect
github.com/go-openapi/spec v0.20.4 // indirect
github.com/go-openapi/strfmt v0.21.1 // indirect
github.com/go-openapi/swag v0.19.15 // indirect
github.com/go-openapi/validate v0.20.3 // indirect
github.com/go-stack/stack v1.8.1 // indirect
github.com/goccy/go-json v0.9.7 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
github.com/golang-sql/sqlexp v0.0.0-20170517235910-f1bb20e5a188 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/mock v1.6.0 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/btree v1.0.1 // indirect
github.com/google/certificate-transparency-go v1.1.2-0.20210511102531-373a877eec92 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/gorilla/css v1.0.0 // indirect
github.com/gorilla/handlers v1.5.1 // indirect
github.com/gorilla/mux v1.8.0 // indirect
github.com/gorilla/securecookie v1.1.1 // indirect
github.com/gorilla/websocket v1.4.2 // indirect
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jessevdk/go-flags v1.5.0 // indirect
github.com/jhump/protoreflect v1.8.2 // indirect
github.com/jonboulle/clockwork v0.2.2 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/klauspost/pgzip v1.2.5 // indirect
github.com/kr/pretty v0.3.0 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/libdns/libdns v0.2.1 // indirect
github.com/magiconair/properties v1.8.5 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/markbates/going v1.0.0 // indirect
github.com/mattn/go-runewidth v0.0.13 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
github.com/mholt/acmez v1.0.2 // indirect
github.com/miekg/dns v1.1.48 // indirect
github.com/minio/md5-simd v1.1.2 // indirect
github.com/minio/sha256-simd v1.0.0 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/mapstructure v1.4.3 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/mrjones/oauth v0.0.0-20190623134757-126b35219450 // indirect
github.com/mschoch/smat v0.2.0 // indirect
github.com/nwaples/rardecode v1.1.3 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/olekukonko/tablewriter v0.0.5 // indirect
github.com/pelletier/go-toml v1.9.4 // indirect
github.com/pierrec/lz4/v4 v4.1.14 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.2.0 // indirect
github.com/prometheus/common v0.32.1 // indirect
github.com/prometheus/procfs v0.7.3 // indirect
github.com/rivo/uniseg v0.2.0 // indirect
github.com/rogpeppe/go-internal v1.8.1 // indirect
github.com/rs/xid v1.4.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/soheilhy/cmux v0.1.5 // indirect
github.com/spf13/afero v1.8.0 // indirect
github.com/spf13/cast v1.4.1 // indirect
github.com/spf13/cobra v1.3.0 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/viper v1.10.1 // indirect
github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
github.com/subosito/gotenv v1.2.0 // indirect
github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect
github.com/toqueteos/webbrowser v1.2.0 // indirect
github.com/ulikunitz/xz v0.5.10 // indirect
github.com/unknwon/com v1.0.1 // indirect
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133) * go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency go get github.com/go-fed/activity/streams@master go get github.com/go-fed/activity/pub@master go get github.com/go-fed/httpsig@master * activitypub: implement /api/v1/activitypub/user/{username} (#14186) Return informations regarding a Person (as defined in ActivityStreams https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person). Refs: https://github.com/go-gitea/gitea/issues/14186 Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: add the public key to Person (#14186) Refs: https://github.com/go-gitea/gitea/issues/14186 Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: go-fed conformant Clock instance Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: signing http client Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: implement the ReqSignature middleware Signed-off-by: Loïc Dachary <loic@dachary.org> * activitypub: hack_16834 Signed-off-by: Loïc Dachary <loic@dachary.org> * Fix CI checks-backend errors with go mod tidy Signed-off-by: Anthony Wang <ta180m@pm.me> * Change 2021 to 2022, properly format package imports Signed-off-by: Anthony Wang <ta180m@pm.me> * Run make fmt and make generate-swagger Signed-off-by: Anthony Wang <ta180m@pm.me> * Use Gitea JSON library, add assert for pkp Signed-off-by: Anthony Wang <ta180m@pm.me> * Run make fmt again, fix err var redeclaration Signed-off-by: Anthony Wang <ta180m@pm.me> * Remove LogSQL from ActivityPub person test Signed-off-by: Anthony Wang <ta180m@pm.me> * Assert if json.Unmarshal succeeds Signed-off-by: Anthony Wang <ta180m@pm.me> * Cleanup, handle invalid usernames for ActivityPub person GET request Signed-off-by: Anthony Wang <ta180m@pm.me> * Rename hack_16834 to user_settings Signed-off-by: Anthony Wang <ta180m@pm.me> * Use the httplib module instead of http for GET requests * Clean up whitespace with make fmt * Use time.RFC1123 and make the http.Client proxy-aware * Check if digest algo is supported in setting module * Clean up some variable declarations * Remove unneeded copy * Use system timezone instead of setting.DefaultUILocation * Use named constant for httpsigExpirationTime * Make pubKey IRI #main-key instead of /#main-key * Move /#main-key to #main-key in tests * Implemented Webfinger endpoint. * Add visible check. * Add user profile as alias. * Add actor IRI and remote interaction URL to WebFinger response * fmt * Fix lint errors * Use go-ap instead of go-fed * Run go mod tidy to fix missing modules in go.mod and go.sum * make fmt * Convert remaining code to go-ap * Clean up go.sum * Fix JSON unmarshall error * Fix CI errors by adding @context to Person() and making sure types match * Correctly decode JSON in api_activitypub_person_test.go * Force CI rerun * Fix TestActivityPubPersonInbox segfault * Fix lint error * Use @mariusor's suggestions for idiomatic go-ap usage * Correctly add inbox/outbox IRIs to person * Code cleanup * Remove another LogSQL from ActivityPub person test * Move httpsig algos slice to an init() function * Add actor IRI and remote interaction URL to WebFinger response * Update TestWebFinger to check for ActivityPub IRI in aliases * make fmt * Force CI rerun * WebFinger: Add CORS header and fix Href -> Template for remote interactions The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues * make lint-backend * Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon Setting the correct Content-Type is essential for federating with Mastodon * Use UTC instead of GMT * Rename pkey to pubKey * Make sure HTTP request Date in GMT * make fmt * dont drop err * Make sure API responses always refer to username in original case Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused. * Move httpsig algs constant slice to modules/setting/federation.go * Add new federation settings to app.example.ini and config-cheat-sheet * Return if marshalling error * Make sure Person IRIs are generated correctly This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL. * If httpsig verification fails, fix Host header and try again This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug. * Revert "If httpsig verification fails, fix Host header and try again" This reverts commit f53e46c721a037c55facb9200106a6b491bf834c. The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea. * Go back to using ap.IRI to generate inbox and outbox IRIs * use const for key values * Update routers/web/webfinger.go * Use ctx.JSON in Person response to make code cleaner * Revert "Use ctx.JSON in Person response to make code cleaner" This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers. This reverts commit 95aad988975be3393c76094864ed6ba962157e0c. * Use activitypub.ActivityStreamsContentType for Person response Content Type * Limit maximum ActivityPub request and response sizes to a configurable setting * Move setting key constants to models/user/setting_keys.go * Fix failing ActivityPubPerson integration test by checking the correct field for username * Add a warning about changing settings that can break federation * Add better comments * Don't multiply Federation.MaxSize by 1<<20 twice * Add more better comments * Fix failing ActivityPubMissingPerson test We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different * make generate-swagger For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦 * Move getting the RFC 2616 time to a separate function * More code cleanup * Update go-ap to fix empty liked collection and removed unneeded HTTP headers * go mod tidy * Add ed25519 to httpsig algorithms * Use go-ap/jsonld to add @context and marshal JSON * Change Gitea user agent from the default to Gitea/Version * Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 07:25:12 +02:00
github.com/valyala/fastjson v1.6.3 // indirect
github.com/x448/float16 v0.8.4 // indirect
github.com/xanzy/ssh-agent v0.3.1 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
go.etcd.io/bbolt v1.3.6 // indirect
go.etcd.io/etcd/api/v3 v3.5.1 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.5.1 // indirect
go.etcd.io/etcd/client/v2 v2.305.1 // indirect
go.etcd.io/etcd/client/v3 v3.5.0-alpha.0 // indirect
go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0 // indirect
go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0 // indirect
go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0 // indirect
go.etcd.io/etcd/server/v3 v3.5.0-alpha.0 // indirect
go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0 // indirect
go.etcd.io/etcd/v3 v3.5.0-alpha.0 // indirect
go.mongodb.org/mongo-driver v1.8.2 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.8.0 // indirect
go.uber.org/zap v1.21.0 // indirect
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect
google.golang.org/grpc v1.43.0 // indirect
google.golang.org/protobuf v1.28.0 // indirect
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
sigs.k8s.io/yaml v1.2.0 // indirect
)
replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1
replace github.com/markbates/goth v1.68.0 => github.com/zeripath/goth v1.68.1-0.20220109111530-754359885dce
replace github.com/shurcooL/vfsgen => github.com/lunny/vfsgen v0.0.0-20220105142115-2c99e1ffdfa0
replace github.com/satori/go.uuid v1.2.0 => github.com/gofrs/uuid v4.2.0+incompatible
exclude github.com/gofrs/uuid v3.2.0+incompatible
exclude github.com/gofrs/uuid v4.0.0+incompatible
exclude github.com/goccy/go-json v0.4.11