0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-12-23 21:24:11 +01:00
Commit graph

4444 commits

Author SHA1 Message Date
vincent
35d5e4aea4
Fix content size does not match error when uploading lfs file (#29259)
![image](https://github.com/go-gitea/gitea/assets/38434877/cd726b4d-4771-4547-8aee-ae4e4b56b1d1)
When we update an lfs file by API
`api/v1/repos/{owner}/{repo}/contents/{filepath}`, there will show an
error

```json
{
  "message": "Put \"05904d6c7b\": readfrom tcp [::1]:57300->[::1]:9000: content size does not match",
  "url": "http://localhost:3000/api/swagger"
}
```

The reason of this error is
https://github.com/go-gitea/gitea/blob/main/services/repository/files/update.go,
in this file, the `file.ContentReader` been used twice. So when use
`file.ContentReader` in the second time, the `i` of this Reader has been
updated to the length of the content. it will return 0 and an `io.EOF`
error when we try to read cotent from this Reader.
2024-02-19 14:50:03 +00:00
Şahin Akkaya
39a77d92d9
Deduplicate translations for contributors graph (#29256)
I have implemented three graph pages
([contributors](https://github.com/go-gitea/gitea/pull/27882), [code
frequency](https://github.com/go-gitea/gitea/pull/29191) and [recent
commits](https://github.com/go-gitea/gitea/pull/29210)) and they have
all same page title as the tab name so I decided to use same
translations for them. This PR is for contributors graph. Other PR's
have their own respective commits.
2024-02-19 12:47:38 +00:00
KN4CK3R
7e8ff70940
Show commit status for releases (#29149)
Fixes #29082

![grafik](https://github.com/go-gitea/gitea/assets/1666336/bb2ccde1-ee99-459d-9e74-0fb8ea79e8b3)
2024-02-19 10:27:05 +00:00
Markus Amshove
a11ccc9fcd
Disallow merge when required checked are missing (#29143)
fixes #21892 

This PR disallows merging a PR when not all commit status contexts
configured in the branch protection are met.

Previously, the PR was happy to merge when one commit status was
successful and the other contexts weren't reported.

Any feedback is welcome, first time Go :-)
I'm also not sure if the changes in the template break something else

Given the following branch protection:


![branch_protection](https://github.com/go-gitea/gitea/assets/2401875/f871b4e4-138b-435a-b496-f9ad432e3dec)

This was shown before the change:


![before](https://github.com/go-gitea/gitea/assets/2401875/60424ff0-ee09-4fa0-856e-64e6e3fb0612)

With the change, it is now shown as this:


![after](https://github.com/go-gitea/gitea/assets/2401875/4e464142-efb1-4889-8166-eb3be26c8f3d)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-19 09:57:08 +00:00
FuXiaoHei
67adc5c1dc
Artifact deletion in actions ui (#27172)
Add deletion link in runs view page.
Fix #26315


![image](https://github.com/go-gitea/gitea/assets/2142787/aa65a4ab-f434-4deb-b953-21e63c212033)

When click deletion button. It marks this artifact `need-delete`.

This artifact would be deleted when actions cleanup cron task.
2024-02-18 10:33:50 +00:00
wxiaoguang
31bb9f3247
Refactor more code in templates (#29236)
Follow #29165. 

* Introduce JSONTemplate to help to render JSON templates
* Introduce JSEscapeSafe for templates. Now only use `{{ ... |
JSEscape}}` instead of `{{ ... | JSEscape | Safe}}`
* Simplify "UserLocationMapURL" useage
2024-02-18 10:52:02 +01:00
Jimmy Praet
22b9c2c95c
Load outdated comments when (un)resolving conversation on PR timeline (#29203)
Relates to #28654, #29039 and #29050.

The "show outdated comments" flag should only apply to the file diff
view.
On the PR timeline, outdated comments are always shown.
So they should also be loaded when (un)resolving a conversation on the
timeline page.
2024-02-17 14:07:56 +00:00
Yarden Shoham
aa6f88638f
Fix missing template for follow button in organization (#29215)
Leftover from https://github.com/go-gitea/gitea/pull/29005

# Before

![before](https://github.com/go-gitea/gitea/assets/20454870/24c74278-ccac-4dc6-bf26-713e90c07239)

# After

![after](https://github.com/go-gitea/gitea/assets/20454870/f91d503b-87d4-4c17-a56c-9c0a81fd9082)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-02-17 13:42:52 +00:00
yp05327
68227996a7
Fix broken following organization (#29005)
- following organization is broken from #28908
- add login check for the follow button in organization profile page
2024-02-17 13:13:37 +08:00
wxiaoguang
45c15387b2
Refactor JWT secret generating & decoding code (#29172)
Old code is not consistent for generating & decoding the JWT secrets.

Now, the callers only need to use 2 consistent functions:
NewJwtSecretWithBase64 and DecodeJwtSecretBase64

And remove a non-common function Base64FixedDecode from util.go
2024-02-16 15:18:30 +00:00
Yarden Shoham
c70f65e83b
Auto-update the system status in admin dashboard (#29163)
- Refactor the system status list into its own template
- Change the backend to return only the system status if htmx initiated
the request
- `hx-get="{{$.Link}}/system_status`: reuse the backend handler
- `hx-swap="innerHTML"`: replace the `<div>`'s innerHTML (essentially
the new template)
- `hx-trigger="every 5s"`: call every 5 seconds
- `hx-indicator=".divider"`: the `is-loading` class shouldn't be added
to the div during the request, so set it on an element it has no effect
on
- Render "Since Last GC Time" with `<relative-time>`, so we send a
timestamp

# Auto-update in action GIF

![action](https://github.com/go-gitea/gitea/assets/20454870/c6e1f220-f0fb-4460-ac3b-59f315e30e29)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-02-16 02:52:25 +00:00
Şahin Akkaya
21331be30c
Implement contributors graph (#27882)
Continuation of https://github.com/go-gitea/gitea/pull/25439. Fixes #847

Before:
<img width="1296" alt="image"
src="https://github.com/go-gitea/gitea/assets/32161460/24571ac8-b254-43c9-b178-97340f0dc8a9">

----
After:
<img width="1296" alt="image"
src="https://github.com/go-gitea/gitea/assets/32161460/c60b2459-9d10-4d42-8d83-d5ef0f45bf94">

---
#### Overview
This is the implementation of a requested feature: Contributors graph
(#847)

It makes Activity page a multi-tab page and adds a new tab called
Contributors. Contributors tab shows the contribution graphs over time
since the repository existed. It also shows per user contribution graphs
for top 100 contributors. Top 100 is calculated based on the selected
contribution type (commits, additions or deletions).

---
#### Demo
(The demo is a bit old but still a good example to show off the main
features)

<video src="https://github.com/go-gitea/gitea/assets/32161460/9f68103f-8145-4cc2-94bc-5546daae7014" controls width="320" height="240">
  <a href="https://github.com/go-gitea/gitea/assets/32161460/9f68103f-8145-4cc2-94bc-5546daae7014">Download</a>
</video>


#### Features:

- Select contribution type (commits, additions or deletions)
- See overall and per user contribution graphs for the selected
contribution type
- Zoom and pan on graphs to see them in detail
- See top 100 contributors based on the selected contribution type and
selected time range
- Go directly to users' profile by clicking their name if they are
registered gitea users
- Cache the results so that when the same repository is visited again
fetching data will be faster


---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: hiifong <i@hiif.ong>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: yp05327 <576951401@qq.com>
2024-02-15 23:21:13 +01:00
KN4CK3R
07597c71a4
Add support for action artifact serve direct (#29120)
Fixes #29093
2024-02-15 20:39:50 +00:00
6543
702a876453
Advertise WebAuthn support (#29176)
This well-known indicates for password manager, that passkeys are supported.

source:
https://android-developers.googleblog.com/2023/10/make-passkey-endpoints-well-known-url-part-of-your-passkey-implementation.html

spec:
https://github.com/ms-id-standards/MSIdentityStandardsExplainers/blob/main/PasskeyEndpointsWellKnownUrl/explainer.md
2024-02-15 17:49:13 +00:00
Tim-Nicas Oelschläger
374e886f51
Change webhook-type in create-view (#29114)
It's now possible to change webhook-type in create-view.

before:

![image](https://github.com/go-gitea/gitea/assets/72873130/9ee1b9fb-843b-4f28-b8d6-6361e5d184f1)

after:

![image](https://github.com/go-gitea/gitea/assets/72873130/9dbf058f-5912-43af-9acd-487271212f2d)

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-02-15 14:59:48 +01:00
wxiaoguang
f3eb835886
Refactor locale&string&template related code (#29165)
Clarify when "string" should be used (and be escaped), and when
"template.HTML" should be used (no need to escape)

And help PRs like  #29059 , to render the error messages correctly.
2024-02-14 21:48:45 +00:00
KN4CK3R
94d06be035
Extract linguist code to method (#29168) 2024-02-14 18:50:31 +00:00
techknowlogick
a346a8c852
bump to use go 1.22 (#29119) 2024-02-14 18:19:57 +00:00
Chris Copeland
47b5965862
Add merge style fast-forward-only (#28954)
With this option, it is possible to require a linear commit history with
the following benefits over the next best option `Rebase+fast-forward`:
The original commits continue existing, with the original signatures
continuing to stay valid instead of being rewritten, there is no merge
commit, and reverting commits becomes easier.

Closes #24906
2024-02-12 23:37:23 +01:00
wxiaoguang
ee242a08e9
Refactor issue template parsing and fix API endpoint (#29069)
The old code `GetTemplatesFromDefaultBranch(...) ([]*api.IssueTemplate,
map[string]error)` doesn't really follow Golang's habits, then the
second returned value might be misused. For example, the API function
`GetIssueTemplates` incorrectly checked the second returned value and
always responds 500 error.

This PR refactors GetTemplatesFromDefaultBranch to
ParseTemplatesFromDefaultBranch and clarifies its behavior, and fixes the
API endpoint bug, and adds some tests.

And by the way, add proper prefix `X-` for the header generated in
`checkDeprecatedAuthMethods`, because non-standard HTTP headers should
have `X-` prefix, and it is also consistent with the new code in
`GetIssueTemplates`
2024-02-12 05:04:10 +00:00
KN4CK3R
da2f03750f
Display friendly error message (#29105)
`ctx.Error` only displays the text but `ctx.ServerError` renders the
usual error page.
2024-02-08 22:01:19 +00:00
CEnnis91
6be3fda6fc
Fix swift packages not resolving (#29095)
Fixes #29094
2024-02-08 14:45:44 +08:00
wxiaoguang
a4859dcfea
Improve user experience for outdated comments (#29050)
Try to improve #28949

1. Make `ctx.Data["ShowOutdatedComments"] = true` by default: it brings
consistent user experience, and sometimes the "outdated (source
changed)" comments are still valuable.
2. Show a friendly message if the comment won't show, then the end users
won't fell that "the comment disappears" (it is the special case when
`ShowOutdatedComments = false`)
2024-02-08 01:50:48 +00:00
Yarden Shoham
6992ef98fc
Don't do a full page load when clicking Watch or Star (#29001)
- The watch/unwatch button and star/unstar get their own template
- The backend returns HTML instead of redirect

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2024-02-05 09:56:20 +00:00
Lunny Xiao
9bb1adf8ea
Move some repository transfer functions to service layer (#28855) 2024-02-05 06:17:23 +00:00
KN4CK3R
f8b471ace1
Unify user update methods (#28733)
Fixes #28660
Fixes an admin api bug related to `user.LoginSource`
Fixed `/user/emails` response not identical to GitHub api

This PR unifies the user update methods. The goal is to keep the logic
only at one place (having audit logs in mind). For example, do the
password checks only in one method not everywhere a password is updated.

After that PR is merged, the user creation should be next.
2024-02-04 13:29:09 +00:00
wxiaoguang
b4513f48ce
Do not render empty comments (#29039)
Follow #28654

The `comments` might be empty, so the templates shouldn't (and couldn't)
use it to render. When there is no comment, the UI should also be
updated to empty, so returning an empty body is good enough.
2024-02-04 13:05:01 +00:00
silverwind
a6cea59514
Update tool dependencies (#29030) 2024-02-02 19:11:39 -05:00
ChristopherHX
a9bc590d5d
Add artifacts v4 jwt to job message and accept it (#28885)
This change allows act_runner / actions_runner to use jwt tokens for
`ACTIONS_RUNTIME_TOKEN` that are compatible with
actions/upload-artifact@v4.

The official Artifact actions are now validating and extracting the jwt
claim scp to get the runid and jobid, the old artifact backend also
needs to accept the same token jwt.

---
Related to #28853

I'm not familar with the auth system, maybe you know how to improve this

I have tested
- the jwt token is a valid token for artifact uploading
- the jwt token can be parsed by actions/upload-artifact@v4 and passes
their scp claim validation

Next steps would be a new artifacts@v4 backend.

~~I'm linking the act_runner change soonish.~~
act_runner change to make the change effective and use jwt tokens
<https://gitea.com/gitea/act_runner/pulls/471>
2024-02-02 14:25:59 +00:00
KN4CK3R
c3e462921e
Improve user search display name (#29002)
I tripped over this strange method and I don't think we need that
workaround to fix the value.

old:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/c8b6797b-eb45-4dec-99db-1b0649a34ec5)

new:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/ab1a65ae-de5b-4ce4-9813-3b8b39c7922e)

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-01 17:10:16 +00:00
Lunny Xiao
3b50dd95ce
Some refactor for git http (#28995)
# Purpose

This PR makes git http related functions use the same `context.Context`
so they can be maintained easier.
2024-01-31 15:23:22 +00:00
Zettat123
adc3598a75
Fix an actions schedule bug (#28942)
In #28691, schedule plans will be deleted when a repo's actions unit is
disabled. But when the unit is enabled, the schedule plans won't be
created again.

This PR fixes the bug. The schedule plans will be created again when the
actions unit is re-enabled
2024-01-31 14:55:12 +00:00
Yarden Shoham
3e8414179c
Introduce htmx and use it to avoid full page load on Subscribe and Follow (#28908)
- Closes https://github.com/go-gitea/gitea/issues/28880

This change introduces htmx with the hope we could use it to make Gitea
more reactive while keeping our "HTML rendered on the server" approach.

- Add `htmx.js` that imports `htmx.org` and initializes error toasts
- Place `hx-headers='{"x-csrf-token": "{{.CsrfToken}}"}'` on the
`<body>` tag so every request that htmx sends is authenticated
- Place `hx-swap="outerHTML"` on the `<body>` tag so the response of
each htmx request replaces the tag it targets (as opposed to its inner
content)
- Place `hx-push-url="false"` on the `<body>` tag so no changes to the
URL happen in `<form>` tags
- Add the `is-loading` class during request

### Error toasts in action


![errors](https://github.com/go-gitea/gitea/assets/20454870/181a1beb-1cb8-4858-abe8-fa1fc3f5b8f3)

## Don't do a full page load when clicking the subscribe button
- Refactor the form around the subscribe button into its own template
- Use htmx to perform the form submission
- `hx-boost="true"` to prevent the default form submission behavior of a
full page load
- `hx-sync="this:replace"` to replace the current request (in case the
button is clicked again before the response is returned)
  - `hx-target="this"` to replace the form tag with the new form tag
- Change the backend response to return a `<form>` tag instead of a
redirect to the issue page

### Before


![subscribe_before](https://github.com/go-gitea/gitea/assets/20454870/cb2439a2-c3c0-425c-8d3c-5d646b1cdc28)

### After


![subscribe_after](https://github.com/go-gitea/gitea/assets/20454870/6fcd77d8-7b11-40b0-af4f-b152aaad787c)

## Don't do a full page load when clicking the follow button
- Use htmx to perform the button request
- `hx-post="{{.ContextUser.HomeLink}}?action=follow"` to send a POST
request to follow the user
- `hx-target="#profile-avatar-card"` to target the card div for
replacement
- `hx-indicator="#profile-avatar-card"` to place the loading indicator
on the card
- Change the backend response to return a `<div>` tag (the card) instead
of a redirect to the user page

### Before


![follow_before](https://github.com/go-gitea/gitea/assets/20454870/a210b643-6e74-4ff9-8e61-d658c62edf1f)

### After


![follow_after](https://github.com/go-gitea/gitea/assets/20454870/5bb19ae9-0d59-4ae3-b538-4c83334e4722)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: 6543 <m.huber@kithara.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-01-30 15:45:54 +01:00
wackbyte
d9b3849454
Fix inconsistent naming of OAuth 2.0 ENABLE setting (#28951)
Renames it to `ENABLED` to be consistent with other settings and
deprecates it.

I believe this change is necessary because other setting groups such as
`attachment`, `cors`, `mailer`, etc. have an `ENABLED` setting, but
`oauth2` is the only one with an `ENABLE` setting, which could cause
confusion for users.

This is no longer a breaking change because `ENABLE` has been set as
deprecated and as an alias to `ENABLED`.
2024-01-28 12:36:44 +00:00
Lunny Xiao
5f82ead13c
Simplify how git repositories are opened (#28937)
## Purpose
This is a refactor toward building an abstraction over managing git
repositories.
Afterwards, it does not matter anymore if they are stored on the local
disk or somewhere remote.

## What this PR changes
We used `git.OpenRepository` everywhere previously.
Now, we should split them into two distinct functions:

Firstly, there are temporary repositories which do not change:

```go
git.OpenRepository(ctx, diskPath)
```

Gitea managed repositories having a record in the database in the
`repository` table are moved into the new package `gitrepo`:

```go
gitrepo.OpenRepository(ctx, repo_model.Repo)
```

Why is `repo_model.Repository` the second parameter instead of file
path?
Because then we can easily adapt our repository storage strategy.
The repositories can be stored locally, however, they could just as well
be stored on a remote server.

## Further changes in other PRs
- A Git Command wrapper on package `gitrepo` could be created. i.e.
`NewCommand(ctx, repo_model.Repository, commands...)`. `git.RunOpts{Dir:
repo.RepoPath()}`, the directory should be empty before invoking this
method and it can be filled in the function only. #28940
- Remove the `RepoPath()`/`WikiPath()` functions to reduce the
possibility of mistakes.

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-27 21:09:51 +01:00
silverwind
60e4a98ab0
Preserve BOM in web editor (#28935)
The `ToUTF8*` functions were stripping BOM, while BOM is actually valid
in UTF8, so the stripping must be optional depending on use case. This
does:

- Add a options struct to all `ToUTF8*` functions, that by default will
strip BOM to preserve existing behaviour
- Remove `ToUTF8` function, it was dead code
- Rename `ToUTF8WithErr` to `ToUTF8`
- Preserve BOM in Monaco Editor
- Remove a unnecessary newline in the textarea value. Browsers did
ignore it, it seems but it's better not to rely on this behaviour.

Fixes: https://github.com/go-gitea/gitea/issues/28743
Related: https://github.com/go-gitea/gitea/issues/6716 which seems to
have once introduced a mechanism that strips and re-adds the BOM, but
from what I can tell, this mechanism was removed at some point after
that PR.
2024-01-27 18:02:51 +00:00
Anthony Quéré
3084c990b0
fix: update enable_prune even if mirror_interval is not provided (#28905)
Currently, the `updateMirror` function which update the mirror interval
and enable prune properties is only executed by the `Edit` function. But
it is only triggered if `opts.MirrorInterval` is not null, even if
`opts.EnablePrune` is not null.

With this patch, it is now possible to update the enable_prune property
with a patch request without modifying the mirror_interval.

## Example request with httpie

### Currently:
**Does nothing**
```bash
http PATCH https://gitea.your-server/api/v1/repos/myOrg/myRepo "enable_prune:=false" -A bearer -a $gitea_token
```

**Updates both properties**
```bash
http PATCH https://gitea.your-server/api/v1/repos/myOrg/myRepo "enable_prune:=false" "mirror_interval=10m" -A bearer -a $gitea_token
```

### With the patch
**Updates enable_prune only**
```bash
http PATCH https://gitea.your-server/api/v1/repos/myOrg/myRepo "enable_prune:=false" -A bearer -a $gitea_token
```
2024-01-25 20:51:32 +08:00
JakobDev
7ed18566e1
Show in Web UI if file is vendored and generated (#28620)
This simple shows in the Web UI is a file is vendored and/or generated.


![grafik](https://github.com/go-gitea/gitea/assets/15185051/bfe45fcc-cfec-4ba1-8d93-c0a262c3ae1c)

![grafik](https://github.com/go-gitea/gitea/assets/15185051/9f222a49-e7bf-4540-ba64-43dcc5767b76)

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-24 13:51:37 +08:00
Jimmy Praet
ee3e83eec1
Don't reload timeline page when (un)resolving or replying conversation (#28654)
Fixes #15981
2024-01-24 03:26:28 +00:00
JakobDev
4567a3a1ad
Allow to sync tags from admin dashboard (#28045)
Inspired by #28043

This PR adds a option to the Admin Dashboard to sync all tags to the
database.


![grafik](https://github.com/go-gitea/gitea/assets/15185051/26ac51ef-82a4-4fd9-a6a6-5aefec612ff6)
2024-01-24 03:02:04 +00:00
JakobDev
f3ba3e922d
Don't run push mirrors for archived repos (#27140)
Fixes https://codeberg.org/forgejo/forgejo/issues/612

At the moment push mirrors are still run if a repo is archived. This PR
fixes this.
2024-01-24 02:32:57 +00:00
KN4CK3R
caad931385
Prevent anonymous container access if RequireSignInView is enabled (#28877)
Fixes #28875

If `RequireSignInView` is enabled, the ghost user has no access rights.
2024-01-21 16:31:29 +00:00
6543
49d7663929
Revert adding htmx until we finaly decide to add it (#28879) 2024-01-21 21:42:35 +08:00
Yarden Shoham
1df06e3f39
Don't do a full page load when clicking the follow button (#28872)
- Use htmx to perform the button request
- `hx-headers='{"x-csrf-token": "{{.CsrfToken}}"}'` to authenticate (we
should probably learn to reuse this)
- `hx-post="{{.ContextUser.HomeLink}}?action=follow"` to send a POST
request to follow the user
- `hx-target="#profile-avatar-card"` to target the card div for
replacement
- `hx-swap="outerHTML"` to replace the card (as opposed to its inner
content) with the new card that shows the new follower count and button
color
- Change the backend response to return a `<div>` tag (the card) instead
of a redirect to the user page

# Before

![before](https://github.com/go-gitea/gitea/assets/20454870/86899d15-41c9-42ed-bd85-253b9caac7f8)

# After

![after](https://github.com/go-gitea/gitea/assets/20454870/59455d96-548c-4a81-a5b0-fab1dc1e87ef)

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-01-20 23:37:22 +01:00
Yarden Shoham
14f6fcf448
Don't do a full page load when clicking the subscribe button (#28871)
- Refactor the form around the subscribe button into its own template
- Use htmx to perform the form submission
- `hx-boost="true"` to prevent the default form submission behavior of a
full page load
- `hx-sync="this:replace"` to replace the current request (in case the
button is clicked again before the response is returned)
  - `hx-target="this"` to replace the form tag with the new form tag
  - `hx-push-url="false"` to disable a change to the URL
  - `hx-swap="show:no-scroll"` to preserve the scroll position
- Change the backend response to return a `<form>` tag instead of a
redirect to the issue page
- Include `htmx.org` in javascript imports

This change introduces htmx with the hope we could use it to make Gitea
more reactive while keeping our "HTML rendered on the server" approach.

# Before


![before](https://github.com/go-gitea/gitea/assets/20454870/4ec3e81e-4dbf-4338-9968-b0655c276d4c)

# After


![after](https://github.com/go-gitea/gitea/assets/20454870/8c8841af-9bfe-40b2-b1cd-cd1f3c90ba4d)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-01-20 20:44:51 +01:00
Yarden Shoham
5574968ecb
Set the isPermaLink attribute to false in the guid sub-element (#28860)
Our `guid` is not a valid URL so according to the RSS spec the
`isPermaLink` attribute needs to be set to `false`.

Example:
```diff
<item>
  <title>yardenshoham opened issue &lt;a href=&#34;https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2&#34;&gt;yardenshoham/test#2&lt;/a&gt;</title>
  <link>https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</link>
  <description>2#hey</description>
  <content:encoded><![CDATA[2#hey]]></content:encoded>
  <author>yardenshoham</author>
- <guid>355: https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</guid>
+ <guid isPermaLink="false">355: https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</guid>
  <pubDate>Tue, 16 Jan 2024 18:54:36 +0000</pubDate>
</item>
```

References:
-
https://www.rssboard.org/rss-specification#ltguidgtSubelementOfLtitemgt
- Fixes https://github.com/go-gitea/gitea/issues/28734
- https://github.com/gorilla/feeds/issues/78
- https://github.com/go-gitea/gitea/pull/21550
- https://github.com/gorilla/feeds/pull/107

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-01-20 02:38:16 +00:00
Adam Majer
d68a613ba8
Add support for sha256 repositories (#23894)
Currently only SHA1 repositories are supported by Gitea. This adds
support for alternate SHA256 with the additional aim of easier support
for additional hash types in the future.

Fixes: #13794
Limited by: https://github.com/go-git/go-git/issues/899
Depend on: #28138

<img width="776" alt="图片" src="https://github.com/go-gitea/gitea/assets/81045/5448c9a7-608e-4341-a149-5dd0069c9447">

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2024-01-19 17:05:02 +01:00
yp05327
07ba4d9f87
Fix incorrect action duration time when rerun the job before executed once (#28364)
Fix #28323
Reason was mentioned here:
https://github.com/go-gitea/gitea/issues/28323#issuecomment-1841867298

### Changes: (maybe breaking)
We can rerun jobs in Gitea, so there will be some problems in
calculating duration time.
In this PR, I use the exist `Started` and `Stopped` column to record the
last run time instead of the total time,
and add a new `PreviousDuration` column to record the previous duration
time.
You can also check the cost time of last run:

![image](https://github.com/go-gitea/gitea/assets/18380374/2ca39145-2c92-401a-b78b-43164f7ae061)
2024-01-19 14:05:49 +00:00
KN4CK3R
461d8b53c2
Fix some RPM registry flaws (#28782)
Related #26984
(https://github.com/go-gitea/gitea/pull/26984#issuecomment-1889588912)

Fix admin cleanup message.
Fix models `Get` not respecting default values.
Rebuild RPM repository files after cleanup.
Do not add RPM group to package version name.
Force stable sorting of Alpine/Debian/RPM repository data.
Fix missing deferred `Close`.
Add tests for multiple RPM groups.
Removed non-cached `ReplaceAllStringRegex`.

If there are multiple groups available, it's stated in the package
installation screen:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/8f132760-882c-4ab8-9678-77e47dfc4415)
2024-01-19 11:37:10 +00:00
FuXiaoHei
ad98ea63ee
Fix uploaded artifacts should be overwritten (#28726)
Fix `Uploaded artifacts should be overwritten`
https://github.com/go-gitea/gitea/issues/28549

When upload different content to uploaded artifact, it checks that
content size is not match in db record with previous artifact size, then
the new artifact is refused.

Now if it finds uploading content size is not matching db record when
receiving chunks, it updates db records to follow the latest size value.
2024-01-17 11:21:16 +08:00
Viktor Kuzmin
49eb168677
Retarget depending pulls when the parent branch is deleted (#28686)
Sometimes you need to work on a feature which depends on another (unmerged) feature.
In this case, you may create a PR based on that feature instead of the main branch.
Currently, such PRs will be closed without the possibility to reopen in case the parent feature is merged and its branch is deleted.
Automatic target branch change make life a lot easier in such cases.
Github and Bitbucket behave in such way.

Example:
$PR_1$: main <- feature1
$PR_2$: feature1 <- feature2

Currently, merging $PR_1$ and deleting its branch leads to $PR_2$ being closed without the possibility to reopen.
This is both annoying and loses the review history when you open a new PR.

With this change, $PR_2$ will change its target branch to main ($PR_2$: main <- feature2) after $PR_1$ has been merged and its branch has been deleted.

This behavior is enabled by default but can be disabled.
For security reasons, this target branch change will not be executed when merging PRs targeting another repo. 

Fixes #27062
Fixes #18408

---------

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: delvh <dev.lh@web.de>
2024-01-17 01:44:56 +01:00
Lunny Xiao
c08d263a19
Remove trust model selection from repository creation on web page because it can be changed in settings later (#28814)
As more and more options can be set for creating the repository, I don't
think we should put all of them into the creation web page which will
make things look complicated and confusing.

And I think we need some rules about how to decide which should/should
not be put in creating a repository page. One rule I can imagine is if
this option can be changed later and it's not a MUST on the creation,
then it can be removed on the page. So I found trust model is the first
one.

This PR removed the trust model selections on creating a repository web
page and kept others as before.
This is also a preparation for #23894 which will add a choice about SHA1
or SHA256 that cannot be changed once the repository created.
2024-01-16 20:54:48 +08:00
JakobDev
885cc32b14
Show latest commit for file (#28067)
If you view a file, you can now see the latest commit that changed that file.

![grafik](https://github.com/go-gitea/gitea/assets/15185051/272c3120-6db7-4f88-86e1-60080c9aabe5)

---------

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
2024-01-15 17:42:15 +01:00
Gwyneth Morgan
2c3da59e27
Add ability to see open and closed issues at the same time (#28757)
By clicking the currently active "Open" or "Closed" filter button in the
issue list, the user can toggle that filter off in order to see all
issues regardless of state. The URL "state" parameter will be set to
"all" and the "Open"/"Closed" button will not show as active.
2024-01-15 15:07:22 +00:00
KN4CK3R
3793ec4d14
Fix GetCommitStatuses (#28787)
Fixes #28764.
2024-01-15 14:07:32 +00:00
KN4CK3R
637451a45e
Rework markup link rendering (#26745)
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary> 

https://try.gitea.io/KN4CK3R

![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-01-15 08:49:24 +00:00
Jimmy Praet
5d3fdd1212
Add branch protection setting for ignoring stale approvals (#28498)
Fixes #27114.

* In Gitea 1.12 (#9532), a "dismiss stale approvals" branch protection
setting was introduced, for ignoring stale reviews when verifying the
approval count of a pull request.
* In Gitea 1.14 (#12674), the "dismiss review" feature was added.
* This caused confusion with users (#25858), as "dismiss" now means 2
different things.
* In Gitea 1.20 (#25882), the behavior of the "dismiss stale approvals"
branch protection was modified to actually dismiss the stale review.

For some users this new behavior of dismissing the stale reviews is not
desirable.

So this PR reintroduces the old behavior as a new "ignore stale
approvals" branch protection setting.

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-15 07:20:01 +00:00
yp05327
ce0225c1b8
Forbid removing the last admin user (#28337)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-15 06:51:43 +00:00
Lunny Xiao
70c4aad8e1
Move more functions to db.Find (#28419)
Following #28220

This PR move more functions to use `db.Find`.

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-15 02:19:25 +00:00
Earl Warren
3f342d6dff
Modernize merge button (#28140)
- Make use of the `form-fetch-action` for the merge button, which will
automatically prevent the action from happening multiple times and show
a nice loading indicator as user feedback while the merge request is
being processed by the server.
- Adjust the merge PR code to JSON response as this is required for the
`form-fetch-action` functionality.
- Resolves https://codeberg.org/forgejo/forgejo/issues/774
- Likely resolves the cause of
https://codeberg.org/forgejo/forgejo/issues/1688#issuecomment-1313044

(cherry picked from commit 4ec64c19507caefff7ddaad722b1b5792b97cc5a)

Co-authored-by: Gusted <postmaster@gusted.xyz>
2024-01-15 00:00:47 +02:00
Lunny Xiao
97292da960
Fix schedule tasks bugs (#28691)
Fix #28157 

This PR fix the possible bugs about actions schedule.

## The Changes

- Move `UpdateRepositoryUnit` and `SetRepoDefaultBranch` from models to
service layer
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when actions unit has been disabled
or global disabled.
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when default branch changed.
2024-01-12 21:50:38 +00:00
Nanguan Lin
9b59af37e7
Fix issue dependencies (#27736)
Fix #27722 
Fix #27357
Fix #25837 
1. Fix the typo `BlockingByDependenciesNotPermitted`, which causes the
`not permitted message` not to show. The correct one is `Blocking` or
`BlockedBy`
2. Rewrite the perm check. The perm check uses a very tricky way to
avoid duplicate checks for a slice of issues, which is confusing. In
fact, it's also the reason causing the bug. It uses `lastRepoID` and
`lastPerm` to avoid duplicate checks, but forgets to assign the
`lastPerm` at the end of the code block. So I rewrote this to avoid this
trick.
![I U1AT{GNFY3
1HZ`6L{(2L](https://github.com/go-gitea/gitea/assets/70063547/79acd02a-a567-4316-ae0d-11c6461becf1)
3. It also reuses the `blocks` slice, which is even more confusing. So I
rewrote this too.

![UARFPXRGGZQFB7J$2`R}5_R](https://github.com/go-gitea/gitea/assets/70063547/f21cff0f-d9ac-4ce4-ae4d-adffc98ecd99)
2024-01-12 16:49:02 +00:00
Denys Konovalov
4f8f5f6e25
Assign pull request to project during creation (#28227)
When creating a pull request, allow directly assigning it to a project,
as it is already possible for issues.

After:


![grafik](https://github.com/go-gitea/gitea/assets/47871822/01dc2b3d-d56a-4053-b2fc-138725d7633a)
2024-01-12 15:25:15 +00:00
Exploding Dragon
ba4d0b8ffb
Support for grouping RPMs using paths (#26984)
The current rpm repository places all packages in the same repository,
and different systems (el7,f34) may hit packages that do not belong to
this distribution ( #25304 ) , which now supports grouping of rpm.

![图片](https://github.com/go-gitea/gitea/assets/33776693/d1e1d99f-7799-4b2b-a19b-cb2a5c692914)

Fixes #25304 .
Fixes #27056 .

Refactor: [#25866](https://github.com/go-gitea/gitea/pull/25866)
2024-01-12 03:16:05 +00:00
Jack Hay
7c2f093e85
Require token for GET subscription endpoint (#28765)
Fixes  #28756

## Changes
- Require and check API token for `GET
/repos/{owner}/{repo}/subscription` in order to populate `ctx.Doer`.
2024-01-12 01:57:58 +00:00
wxiaoguang
2df7563f31
Recommend/convert to use case-sensitive collation for MySQL/MSSQL (#28662)
Mainly for MySQL/MSSQL.

It is important for Gitea to use case-sensitive database charset
collation. If the database is using a case-insensitive collation, Gitea
will show startup error/warning messages, and show the errors/warnings
on the admin panel's Self-Check page.

Make `gitea doctor convert` work for MySQL to convert the collations of
database & tables & columns.

* Fix #28131

## ⚠️ BREAKING ⚠️

It is not quite breaking, but it's highly recommended to convert the
database&table&column to a consistent and case-sensitive collation.
2024-01-10 11:03:23 +00:00
Kyle D
54acf7b0d4
Normalize oauth email username (#28561) 2024-01-03 18:48:20 -06:00
vincent
f8a1bad883
Fix: system webhooks API bug (#28531)
- Fix the bug about admin/hooks API that `GET /admin/hooks` can only
fetch system_hooks, `POST /admin/hooks` can only create default_hooks.
2023-12-31 04:31:50 +00:00
wxiaoguang
e5d8c4b8d4
Avoid cycle-redirecting user/login page (#28636)
Fix #28231, and remove some unused code. The `db.HasEngine` doesn't seem
useful because the db engine is always initialized before web route.
2023-12-30 08:48:34 +00:00
wxiaoguang
f3999888c0
Refactor some legacy code and remove unused code (#28622)
1. use slices.Contains, remove Int64sContains
2. use HashEmail, remove base.EncodeMD5
3. remove BasicAuthEncode, IsLetter
2023-12-28 09:38:59 +00:00
katsu
42149ff1a8
fix wrong link in user and organization profile when using relative url (#28617)
fix #28436.
the doc https://docs.gitea.com/usage/profile-readme maybe also need to
be updated to tell that
the main branch is necessary,which means the following three conditions
should be satisfied:
- repo: **.profile**
- branch: **[default branch]**
- markdown: **README.md**
2023-12-27 08:32:27 +00:00
Lunny Xiao
baf0d402d9
Add get actions runner registration token for API routes, repo, org, user and global level (#27144)
Replace #23761

---------

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-12-27 07:57:54 +00:00
delvh
778ad795fd
Refactor deletion (#28610)
Introduce the new generic deletion methods
- `func DeleteByID[T any](ctx context.Context, id int64) (int64, error)`
- `func DeleteByIDs[T any](ctx context.Context, ids ...int64) error`
- `func Delete[T any](ctx context.Context, opts FindOptions) (int64,
error)`

So, we no longer need any specific deletion method and can just use
the generic ones instead.

Replacement of #28450

Closes #28450

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-12-25 21:25:29 +01:00
wxiaoguang
b41925cee3
Refactor CORS handler (#28587)
The CORS code has been unmaintained for long time, and the behavior is
not correct.

This PR tries to improve it. The key point is written as comment in
code. And add more tests.

Fix #28515
Fix #27642
Fix #17098
2023-12-25 20:13:18 +08:00
Jean-Baptiste Gomond
d0f24ff4ca
Added instance-level variables (#28115)
This PR adds instance-level variables, and so closes #27726



![gitea_instance_variables_1](https://github.com/go-gitea/gitea/assets/8344487/ad409cd4-ce36-4c84-a764-34451b0fb63a)

![gitea_instance_variables_2](https://github.com/go-gitea/gitea/assets/8344487/426f0965-dec6-4560-948c-067cdeddd720)

![gitea_instance_variables_3](https://github.com/go-gitea/gitea/assets/8344487/cf1d7776-4938-4825-922e-cbbbf28a5f33)
2023-12-25 07:28:59 +00:00
wxiaoguang
330aab47b3
Include heap pprof in diagnosis report to help debugging memory leaks (#28596) 2023-12-23 19:06:02 +00:00
Zettat123
907c97aabb
Fix status_check_contexts matching bug (#28582)
Fix #28570
Follow #24633

---
Copied from
https://github.com/go-gitea/gitea/issues/28570#issuecomment-1867327999

The feature introduced in #24633 should be compatible with
`status_check_contexts`. However, if one or more of
`status_check_contexts` is not a legal glob expressions, `glob.Compile`
will fail and the contexts cannot match.


21229ed2c8/routers/web/repo/pull.go (L653-L663)
2023-12-22 13:29:50 +00:00
morphelinho
19869d1c11
Fix 405 method not allowed CORS / OIDC (#28583)
Follow #28184
Follow #28515

Fix problem with 405 method not allowed for CORS wrt OIDC
2023-12-22 12:23:24 +00:00
KN4CK3R
3142693892
Use information from previous blame parts (#28572)
Fixes #28545

`git blame` output can contain blocks without commit information if it
was outputted before (the `0dafa97ea3f6d9662299579e5be1875cd28baaae 48
26 1` line):
```
fec25436488499df7231f63b857f66457c193d5c 24 25 1
author Bastien Montagne
author-mail <bastien@blender.org>
author-time 1660731031
author-tz +0200
committer Bastien Montagne
committer-mail <bastien@blender.org>
committer-time 1660731031
committer-tz +0200
summary LibOverride: Add Make/Reset/Clear entries to IDTemplate contextual menu.
previous 839ece6477203382b7a7483062961540180ff1cd source/blender/editors/interface/interface_ops.c
filename source/blender/editors/interface/interface_ops.c
        #include "BLT_translation.h"
0dafa97ea3f6d9662299579e5be1875cd28baaae 48 26 1

3d57bc4397fca53bc9702a27bbf50102827829b0 27 27 1
author Hans Goudey
author-mail <hans@blender.org>
author-time 1700131315
author-tz +0100
committer Hans Goudey
committer-mail <hooglyboogly@noreply.localhost>
committer-time 1700131315
committer-tz +0100
summary Cleanup: Move several blenkernel headers to C++
previous 451c054d9b7d3148a646caa5a72fb127a5b5c408 source/blender/editors/interface/interface_ops.cc
filename source/blender/editors/interface/interface_ops.cc
        #include "BKE_context.hh"
```
This PR reuses data from the previous blame part to fill these gaps.
2023-12-21 22:48:18 +01:00
FuXiaoHei
fe5a616392
Fix merging artifact chunks error when minio storage basepath is set (#28555)
Related to  https://github.com/go-gitea/gitea/issues/28279

When merging artifact chunks, it lists chunks from storage. When storage
is minio, chunk's path contains `MINIO_BASE_PATH` that makes merging
break.

<del>So trim the `MINIO_BASE_PATH` when handle chunks.</del>

Update the chunk file's basename to retain necessary information. It
ensures that the directory in the chunk's path remains unaffected.
2023-12-21 07:04:50 +00:00
Lunny Xiao
e7cb8da2a8
Always enable caches (#28527)
Nowadays, cache will be used on almost everywhere of Gitea and it cannot
be disabled, otherwise some features will become unaviable.

Then I think we can just remove the option for cache enable. That means
cache cannot be disabled.
But of course, we can still use cache configuration to set how should
Gitea use the cache.
2023-12-19 09:29:05 +00:00
Lunny Xiao
4eb2a29910
Improve ObjectFormat interface (#28496)
The 4 functions are duplicated, especially as interface methods. I think
we just need to keep `MustID` the only one and remove other 3.

```
MustID(b []byte) ObjectID
MustIDFromString(s string) ObjectID
NewID(b []byte) (ObjectID, error)
NewIDFromString(s string) (ObjectID, error)
```

Introduced the new interfrace method `ComputeHash` which will replace
the interface `HasherInterface`. Now we don't need to keep two
interfaces.

Reintroduced `git.NewIDFromString` and `git.MustIDFromString`. The new
function will detect the hash length to decide which objectformat of it.
If it's 40, then it's SHA1. If it's 64, then it's SHA256. This will be
right if the commitID is a full one. So the parameter should be always a
full commit id.

@AdamMajer Please review.
2023-12-19 07:20:47 +00:00
Bo-Yi Wu
14ffdf6173
chore(api): support ignore password if login source type is LDAP for creating user API (#28491)
- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-12-19 02:32:45 +00:00
yp05327
4ea522fecf
Only check online runner when detecting matching runners in workflows (#28286)
Mentioned:
[#28277](https://github.com/go-gitea/gitea/issues/28277#issuecomment-1831325276)

We should only check online runner when detecting matching runners in
workflows,
as if runner is not online, the workflow will not run.


![image](https://github.com/go-gitea/gitea/assets/18380374/11855e9d-7241-4b7a-b8d7-49dbb94ba1c5)
2023-12-18 16:06:19 +00:00
wxiaoguang
20929edc99
Add option to disable ambiguous unicode characters detection (#28454)
* Close #24483
* Close #28123
* Close #23682
* Close #23149

(maybe more)
2023-12-17 14:38:54 +00:00
Lunny Xiao
408a484224
Adjust object format interface (#28469)
- Remove `ObjectFormatID`
- Remove function `ObjectFormatFromID`.
- Use `Sha1ObjectFormat` directly but not a pointer because it's an
empty struct.
- Store `ObjectFormatName` in `repository` struct
2023-12-17 11:56:08 +00:00
Adam Majer
cbf923e87b
Abstract hash function usage (#28138)
Refactor Hash interfaces and centralize hash function. This will allow
easier introduction of different hash function later on.

This forms the "no-op" part of the SHA256 enablement patch.
2023-12-13 21:02:00 +00:00
KN4CK3R
064f05204c
Add endpoint for not implemented Docker auth (#28457)
Recently Docker started to use the optional `POST /v2/token` endpoint
which should respond with a `404 Not Found` status code instead of the
current `405 Method Not Allowed`.

> Note: Not all token servers implement oauth2. If the request to the
endpoint returns 404 using the HTTP POST method, refer to Token
Documentation for using the HTTP GET method supported by all token
servers.
2023-12-13 15:23:53 -05:00
Lunny Xiao
717d0f5934
Do some missing checks (#28423) 2023-12-12 05:01:17 +00:00
Jack Hay
4e879fed90
Deprecate query string auth tokens (#28390)
## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example: 
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-12-12 03:48:53 +00:00
Lunny Xiao
537fa69962
Second part of refactor db.Find (#28194)
Continue of #27798 and move more functions to `db.Find` and `db.Count`.
2023-12-11 16:56:48 +08:00
yp05327
0abb5633e3
Fix commit status in repo list (#28412)
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/00edf23a-aee1-4177-a12c-bd03ae14e65e)

![image](https://github.com/go-gitea/gitea/assets/18380374/0663e443-682c-4a68-b14e-a0fa0e4c3716)
`TestOrg/testactions` does have commit status, but won't display in
`All`

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/7231db29-9c4e-484f-afa2-87db19be19b8)

Same to #26179.
2023-12-11 06:19:57 +00:00
Lunny Xiao
9a99c17a14
Fix missing check (#28406) 2023-12-10 21:37:10 +02:00
Lunny Xiao
aeb383025f
Also sync DB branches on push if necessary (#28361)
Fix #28056 

This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.

The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.

For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.

For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.
2023-12-09 13:30:56 +00:00
Jason Song
beb71f5ef6
Include public repos in doer's dashboard for issue search (#28304)
It will fix #28268 .

<img width="1313" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/cb1e07d5-7a12-4691-a054-8278ba255bfc">

<img width="1318" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/4fd60820-97f1-4c2c-a233-d3671a5039e9">

## ⚠️ BREAKING ⚠️

But need to give up some features:

<img width="1312" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/281c0d51-0e7d-473f-bbed-216e2f645610">

However, such abandonment may fix #28055 .

## Backgroud

When the user switches the dashboard context to an org, it means they
want to search issues in the repos that belong to the org. However, when
they switch to themselves, it means all repos they can access because
they may have created an issue in a public repo that they don't own.

<img width="286" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/182dcd5b-1c20-4725-93af-96e8dfae5b97">

It's a confusing design. Think about this: What does "In your
repositories" mean when the user switches to an org? Repos belong to the
user or the org?

Whatever, it has been broken by #26012 and its following PRs. After the
PR, it searches for issues in repos that the dashboard context user owns
or has been explicitly granted access to, so it causes #28268.

## How to fix it

It's not really difficult to fix it. Just extend the repo scope to
search issues when the dashboard context user is the doer. Since the
user may create issues or be mentioned in any public repo, we can just
set `AllPublic` to true, which is already supported by indexers. The DB
condition will also support it in this PR.

But the real difficulty is how to count the search results grouped by
repos. It's something like "search issues with this keyword and those
filters, and return the total number and the top results. **Then, group
all of them by repo and return the counts of each group.**"

<img width="314" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/5206eb20-f8f5-49b9-b45a-1be2fcf679f4">

Before #26012, it was being done in the DB, but it caused the results to
be incomplete (see the description of #26012).

And to keep this, #26012 implement it in an inefficient way, just count
the issues by repo one by one, so it cannot work when `AllPublic` is
true because it's almost impossible to do this for all public repos.


1bfcdeef4c/modules/indexer/issues/indexer.go (L318-L338)

## Give up unnecessary features

We may can resovle `TODO: use "group by" of the indexer engines to
implement it`, I'm sure it can be done with Elasticsearch, but IIRC,
Bleve and Meilisearch don't support "group by".

And the real question is, does it worth it? Why should we need to know
the counts grouped by repos?

Let me show you my search dashboard on gitea.com.

<img width="1304" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/2bca2d46-6c71-4de1-94cb-0c9af27c62ff">

I never think the long repo list helps anything.

And if we agree to abandon it, things will be much easier. That is this
PR.

## TODO

I know it's important to filter by repos when searching issues. However,
it shouldn't be the way we have it now. It could be implemented like
this.

<img width="1316" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/99ee5f21-cbb5-4dfe-914d-cb796cb79fbe">

The indexers support it well now, but it requires some frontend work,
which I'm not good at. So, I think someone could help do that in another
PR and merge this one to fix the bug first.

Or please block this PR and help to complete it.

Finally, "Switch dashboard context" is also a design that needs
improvement. In my opinion, it can be accomplished by adding filtering
conditions instead of "switching".
2023-12-07 13:26:18 +08:00
yp05327
ec90ee61ef
Fix object does not exist error when checking citation file (#28314)
Fix #28264

`DataAsync()` will be called twice.
Caused by https://github.com/go-gitea/gitea/pull/27958.
I'm sorry, I didn't completely remove all unnecessary codes.
2023-12-06 16:51:01 +08:00
Lunny Xiao
09d5028442
Fix the runs will not be displayed bug when the main branch have no workflows but other branches have (#28359) 2023-12-06 01:13:59 +00:00
KN4CK3R
a95d5b7702
Add HEAD support for rpm repo files (#28309)
Fixes https://codeberg.org/forgejo/forgejo/issues/1810

zypper uses HEAD requests to check file existence.

https://github.com/openSUSE/libzypp/blob/HEAD/zypp/RepoManager.cc#L2549

https://github.com/openSUSE/libzypp/blob/HEAD/zypp-curl/ng/network/private/downloaderstates/basicdownloader_p.cc#L116

@ExplodingDragon fyi
2023-12-05 08:01:02 +00:00
Nanguan Lin
0aab2d38a7
Remove deprecated query condition in ListReleases (#28339)
close #24057 
call stack: 

25faee3c5f/routers/api/v1/repo/release.go (L154)

ec1feedbf5/routers/api/v1/utils/page.go (L13-L18)

ec1feedbf5/services/convert/utils.go (L15-L22)

## ⚠️ Breaking   ⚠️ (though it's not caused by this PR)
Do not use `per_page` to specify pagination; use `limit` instead
2023-12-05 07:30:43 +00:00
KN4CK3R
14354e4f8e
Read previous info from git blame (#28306)
Fixes #28280

Reads the `previous` info from the `git blame` output instead of
calculating it afterwards.
2023-12-01 01:26:52 +00:00
JakobDev
3618715fab
Add missing variable in tag list (#28305)
This fixes a regression from #25859

If a tag has no Release, Gitea will show a Link to create a Release for
the Tag if the User has the Permission to do this, but the variable to
indicate that is no longer set.

Used here:

1bfcdeef4c/templates/repo/tag/list.tmpl (L39-L41)
2023-11-30 16:26:56 +01:00
yp05327
8572e71a7f
Fix issue will be detected as pull request when checking First-time contributor (#28237)
Fix #28224
2023-11-27 10:46:55 +00:00
Lunny Xiao
882e502327
Fix comment permissions (#28213)
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
2023-11-25 17:21:21 +00:00
Lunny Xiao
df1e7d0067
Use db.Find instead of writing methods for every object (#28084)
For those simple objects, it's unnecessary to write the find and count
methods again and again.
2023-11-24 03:49:41 +00:00
wxiaoguang
7c0ab8b974
Make CORS work for oauth2 handlers (#28184)
Fix #25473

Although there was `m.Post("/login/oauth/access_token", CorsHandler()...`,
it never really worked, because it still lacks the "OPTIONS" handler.
2023-11-23 21:19:26 +08:00
Nanguan Lin
37ed92d6fd
Revert "Fix EOL handling in web editor" (#28101)
Reverts go-gitea/gitea#27141
close #28097
2023-11-22 09:14:16 +00:00
yp05327
4d0eba8e0a
Fix swagger title (#28164)
![image](https://github.com/go-gitea/gitea/assets/18380374/380859b2-a643-42fd-b53e-78c93c05c826)
Don't know why there's a `.` behind. 🤔
2023-11-22 08:09:19 +00:00
JakobDev
08552f0076
Add edit option for README.md (#28071)
Fix #28059


![grafik](https://github.com/go-gitea/gitea/assets/15185051/07adc216-954e-486b-bfda-df3bc15f2089)
2023-11-20 11:47:55 +00:00
yp05327
e88377470a
Fix project counter in organization/individual profile (#28068)
Fix #28052
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/5f299983-4b38-4d68-ac0e-4be3c62c0558)

![image](https://github.com/go-gitea/gitea/assets/18380374/f0e12afd-483b-4882-80e9-0261beb3fe0c)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/47cccb7b-bb35-4a7d-9c5b-83133be0323a)

![image](https://github.com/go-gitea/gitea/assets/18380374/77825c0c-4bf2-4762-83a2-1a5a173cc22d)
2023-11-18 11:02:42 +08:00
JakobDev
48b9d98593
Fix viewing wiki commit on empty repo (#28040)
Fixes https://codeberg.org/forgejo/forgejo/issues/1758

For some weird reason we need to cast this nil.
2023-11-14 19:42:23 +08:00
6543
c6366089df
Dont leak private users via extensions (#28023) 2023-11-13 16:30:24 -06:00
yp05327
089ac06969
Improve profile for Organizations (#27982)
Fixes some problems in #27955:
- autofocus of the search box
before:
if access the home page will jump to the search box

![image](https://github.com/go-gitea/gitea/assets/18380374/7f100e8d-2bd6-4563-85ba-d6008ffc71d7)
after:
will not jump to the search box

![image](https://github.com/go-gitea/gitea/assets/18380374/9aab382c-8ebe-4d18-b990-4adbb6c341ad)

- incorrect display of overview tab
before:

![image](https://github.com/go-gitea/gitea/assets/18380374/b24c79e8-9b79-4576-9276-43bd19172043)
after:

![image](https://github.com/go-gitea/gitea/assets/18380374/7aab5827-f086-4874-bd84-39bd81b872f3)

- improve the permission check to the private profile repo
In #26295, we simply added access control to the private profile.
But if user have access to the private profile repo , we should also
display the profile.

- add a button which can jump to the repo list?
I agree @wxiaoguang 's opinion here:
https://github.com/go-gitea/gitea/pull/27955#issuecomment-1803178239
But it seems that this feature is sponsored. 
So can we add a button which can quickly jump to the repo list or just
move profile to the `overview` page?

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-11-13 15:33:22 +01:00
Earl Warren
340055ab6c
Enable system users search via the API (#28013)
Refs: https://codeberg.org/forgejo/forgejo/issues/1403

(cherry picked from commit dd4d17c159eaf8b642aa9e6105b0532e25972bb7)
2023-11-13 15:31:38 +01:00
6543
603573366a
Add Profile Readme for Organisations (#27955)
https://blog.gitea.com/release-of-1.20.0/#-user-profile-readme-23260
(#23260) did introduce Profile Readme for Users.

This makes it usable for Organisations:


![image](https://github.com/go-gitea/gitea/assets/24977596/464ab58b-a952-414b-8a34-6deaeb4f7d35)

---
*Sponsored by Kithara Software GmbH*

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-11-09 14:05:52 +00:00
6543
16ba16dbe9
Allow to set explore page default sort (#27951)
as title


---
*Sponsored by Kithara Software GmbH*
2023-11-09 10:11:45 +00:00
yp05327
f48a863b99
Fix citation error when the file size is larger than 1024 bytes (#27958)
Mentioned in:
https://github.com/go-gitea/gitea/pull/27931#issuecomment-1798016960

Same to #25131, so use the same method to fix this problem.
2023-11-08 06:40:12 +00:00
KN4CK3R
4f4fea734c
Unify two factor check (#27915)
Fixes #27819

We have support for two factor logins with the normal web login and with
basic auth. For basic auth the two factor check was implemented at three
different places and you need to know that this check is necessary. This
PR moves the check into the basic auth itself.
2023-11-06 08:22:39 +00:00
KN4CK3R
8557a9455b
Revert #27870 (#27917)
Now that we have #27798 we don't need the check from #27870 anymore.
With the check it's not possible to remove an inactive auth source from
the user.
2023-11-06 06:09:34 +00:00
Lunny Xiao
1bf5527eac
Refactor Find Sources and fix bug when view a user who belongs to an unactive auth source (#27798)
The steps to reproduce it.

First, create a new oauth2 source.
Then, a user login with this oauth2 source.
Disable the oauth2 source.
Visit users -> settings -> security, 500 will be displayed.
This is because this page only load active Oauth2 sources but not all
Oauth2 sources.
2023-11-03 01:41:00 +00:00
Lunny Xiao
0ba4ecc3bd
Fix http protocol auth (#27875) 2023-11-02 22:14:33 +08:00
KN4CK3R
e378545f30
Filter inactive auth sources (#27870)
Fix nil access for inactive auth sources.

> Render failed, failed to render template:
user/settings/security/security, error: template error:
builtin(static):user/settings/security/accountlinks:32:20 : executing
"user/settings/security/accountlinks" at <$providerData.IconHTML>: nil
pointer evaluating oauth2.Provider.IconHTML

Code tries to access the auth source of an `ExternalLoginUser` but the
list contains only the active auth sources.
2023-11-02 01:46:26 +02:00
wxiaoguang
a4b242ae7a
Clean up template locale usage (#27856)
After many refactoring PRs for the "locale" and "template context
function", now the ".locale" is not needed for web templates any more.

This PR does a clean up for:

1. Remove `ctx.Data["locale"]` for web context.
2. Use `ctx.Locale` in `500.tmpl`, for consistency.
3. Add a test check for `500 page` locale usage.
4. Remove the `Str2html` and `DotEscape` from mail template context
data, they are copy&paste errors introduced by #19169 and #16200 . These
functions are template functions (provided by the common renderer), but
not template data variables.
5. Make email `SendAsync` function mockable (I was planning to add more
tests but it would make this PR much too complex, so the tests could be
done in another PR)
2023-10-31 22:11:48 +08:00
FuXiaoHei
ec0c6829d4
Fix/upload artifact error windows (#27802)
From issue https://github.com/go-gitea/gitea/issues/27314

When act_runner in `host` mode on Windows. `upload_artifact@v3` actions
use `path.join` to generate `itemPath` params when uploading artifact
chunk. `itemPath` is encoded as `${artifact_name}\${artifact_path}`.

<del>It's twice query escaped from ${artifact_name}/${artifact_path}
that joined by Windows slash \.</del>

**So we need convert Windows slash to linux**.

In https://github.com/go-gitea/gitea/issues/27314, runner shows logs
from `upload_artifact@v3` like with `%255C`:

```
[artifact-cases/test-artifact-cases]   | ::error::Unexpected response. Unable to upload chunk to http://192.168.31.230:3000/api/actions_pipeline/_apis/pipelines/workflows/6/artifacts/34d628a422db9367c869d3fb36be81f5/upload?itemPath=more-files%255Css.json
```

But in gitea server at the same time, But shows `%5C`

```
2023/10/27 19:29:51 ...eb/routing/logger.go:102:func1() [I] router: completed PUT /api/actions_pipeline/_apis/pipelines/workflows/6/artifacts/34d628a422db9367c869d3fb36be81f5/upload?itemPath=more-files%5Css.json for 192.168.31.230:55340, 400 Bad Request in 17.6ms @ <autogenerated>:1(actions.artifactRoutes.uploadArtifact-fm)
```

I found `%255C` is escaped by
`https://github.com/actions/upload-artifact/blob/main/dist/index.js#L2329`.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-30 10:40:05 +00:00
Brecht Van Lommel
1756e30e10
Allow pull requests Manually Merged option to be used by non-admins (#27780)
Currently this feature is only available to admins, but there is no
clear reason why. If a user can actually merge pull requests, then this
seems fine as well.

This is useful in situations where direct pushes to the repository are
commonly done by developers.

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-10-30 11:13:06 +08:00
Jean-Baptiste Gomond
641e8165c7
Fix bad method call when deleting user secrets via API (#27829)
Fixed a little mistake when you deleting user secrets via the API. Found
it when working on #27725.
It should be backported to 1.21 I think.
2023-10-29 13:19:57 +01:00
853
e544a277fe
Fix the missing repo count in new team page and edit team page (#27743)
Follow #26942
Before:

![image](https://github.com/go-gitea/gitea/assets/8389962/ffe3e914-c71c-493f-965b-369f27c70b4b)


![image](https://github.com/go-gitea/gitea/assets/8389962/eaad4f07-b8ce-4564-b883-97938de5ed79)

After:


![image](https://github.com/go-gitea/gitea/assets/8389962/353aeabe-caf4-4449-8330-d3a29f9bd326)


![image](https://github.com/go-gitea/gitea/assets/8389962/baf59bb6-2c74-4a56-a28c-1519bc3d2594)
2023-10-25 13:55:56 +08:00
merlleu
796ff26e0e
Do not force creation of _cargo-index repo on publish (#27266)
Hello there,
Cargo Index over HTTP is now prefered over git for package updates: we
should not force users who do not need the GIT repo to have the repo
created/updated on each publish (it can still be created in the packages
settings).

The current behavior when publishing is to check if the repo exist and
create it on the fly if not, then update it's content.
Cargo HTTP Index does not rely on the repo itself so this will be
useless for everyone not using the git protocol for cargo registry.

This PR only disable the creation on the fly of the repo when publishing
a crate.

This is linked to #26844 (error 500 when trying to publish a crate if
user is missing write access to the repo) because it's now optional.

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-24 03:26:38 +00:00
silverwind
ce83609ff6
Upgrade to golangci-lint@v1.55.0 (#27756)
https://github.com/golangci/golangci-lint/releases/tag/v1.55.0
2023-10-24 02:54:59 +00:00
Nanguan Lin
61d94b247a
Fix link-action redirect network error (#27734)
<img width="823" alt="image"
src="https://github.com/go-gitea/gitea/assets/70063547/99da3d5a-c28a-4fd0-8ae0-88461a9142e2">

---------

Co-authored-by: 6543 <6543@obermui.de>
2023-10-23 20:34:17 +08:00
Nanguan Lin
1859bbbf91
Fix org team endpoint (#27721)
Fix #27711
2023-10-22 01:40:59 +02:00
Nanguan Lin
881806a50b
Replace -1 with GhostUserID (#27703) 2023-10-20 14:43:08 +00:00
6543
adbc995c34
Show total TrackedTime on issue/pull/milestone lists (#26672)
TODOs:
- [x] write test for `GetIssueTotalTrackedTime`
- [x] frontport kitharas template changes and make them mobile-friendly

---

![image](https://github.com/go-gitea/gitea/assets/24977596/6713da97-201f-4217-8588-4c4cec157171)

![image](https://github.com/go-gitea/gitea/assets/24977596/3a45aba8-26b5-4e6a-b97d-68bfc2bf9024)

---
*Sponsored by Kithara Software GmbH*
2023-10-19 14:08:31 +00:00
JakobDev
3dc0c962bf
Delete repos of org when purge delete user (#27273)
Fixes https://codeberg.org/forgejo/forgejo/issues/1514

I had to remove `RenameOrganization` to avoid circular import.

We should really add some foreign keys to the database.
2023-10-19 13:16:11 +00:00
Jason Song
0a2b93d411
Fix typo "GetLatestRunnerToken" (#27680) 2023-10-18 15:52:44 +00:00
Lunny Xiao
9852c92e9a
Remove unnecessary parameter (#27671) 2023-10-18 15:03:10 +00:00
yp05327
8abc1aae4a
Improve the list header in milestone page (#27302)
The ui of list header in milestone page is not same as issue and pr list
page.
And they are using different template codes which can be merged into
one.

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/29eb426c-2dd6-4cf2-96e0-82339fb631bb)

![image](https://github.com/go-gitea/gitea/assets/18380374/b36c4dff-469a-4395-8a02-a8c54e17ab21)



![image](https://github.com/go-gitea/gitea/assets/18380374/d882c74a-451b-431d-b58e-3635a15d9718)

![image](https://github.com/go-gitea/gitea/assets/18380374/292cd38d-1b50-47f1-b32c-9b5de90ce5fb)


After:

![image](https://github.com/go-gitea/gitea/assets/18380374/4529234e-67dc-4e17-9440-e638be4fbc41)

![image](https://github.com/go-gitea/gitea/assets/18380374/c15b4d86-0762-497b-b28d-72d09443d629)

---------

Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
2023-10-18 00:03:42 +00:00
Lunny Xiao
cddf245c12
Replace more db.DefaultContext (#27628)
Target #27065
2023-10-15 17:46:06 +02:00
Nanguan Lin
7480aacdad
Fix 404 when there is an internal version of package (#27615)
close #27601
The Docker registry has an internal version, which leads to 404
2023-10-15 09:22:10 +00:00
JakobDev
76a85a4ce9
Final round of db.DefaultContext refactor (#27587)
Last part of #27065
2023-10-14 08:37:24 +00:00
Evan Tobin
ae419fa494
Fix permissions for Token DELETE endpoint to match GET and POST (#27610)
Fixes #27598

In #27080, the logic for the tokens endpoints were updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds unit tests
2023-10-14 08:04:44 +00:00
KN4CK3R
c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
2023-10-14 00:56:41 +00:00
JakobDev
328da56a28
Don't show Link to TOTP if not set up (#27585) 2023-10-11 20:12:54 +00:00
silverwind
73b63d9311
Replace ajax with fetch, improve image diff (#27267)
1. Dropzone attachment removal, pretty simple replacement
2. Image diff: The previous code fetched every image twice, once via
`img[src]` and once via `$.ajax`. Now it's only fetched once and a
second time only when necessary. The image diff code was partially
rewritten.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-10-11 12:34:21 +00:00
JakobDev
ebe803e514
Penultimate round of db.DefaultContext refactor (#27414)
Part of #27065

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-11 04:24:07 +00:00
Nanguan Lin
5b6258a0b9
Fix the wrong HTTP response status code for duplicate packages (#27480)
fix #27470 
(hope there is nothing missing 😢 )

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-10 15:39:58 +02:00
Michael Santos
5283ce9650
api: GetPullRequestCommits: return file list (#27483)
Fixes https://github.com/go-gitea/gitea/issues/27481

----

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-09 11:22:12 +00:00
Sergey Zolotarev
7b79be24ca
Fix panic in storageHandler (#27446)
storageHandler() is written as a middleware but is used as an endpoint
handler, and thus `next` is actually `nil`, which causes a null pointer
dereference when a request URL does not match the pattern (where it
calls `next.ServerHTTP()`).

Example CURL command to trigger the panic:

```
curl -I "http://yourhost/gitea//avatars/a"
```

Fixes #27409

---

Note: the diff looks big but it's actually a small change - all I did
was to remove the outer closure (and one level of indentation) ~and
removed the HTTP method and pattern checks as they seem redundant
because go-chi already does those checks~. You might want to check "Hide
whitespace" when reviewing it.

Alternative solution (a bit simpler): append `, misc.DummyOK` to the
route declarations that utilize `storageHandler()` - this makes it
return an empty response when the URL is invalid. I've tested this one
and it works too. Or maybe it would be better to return a 400 error in
that case (?)
2023-10-06 13:23:14 +00:00
Eng Zer Jun
13d5d2e711
Remove redundant len check around loop (#27464)
This pull request is a minor code cleanup.

From the Go specification (https://go.dev/ref/spec#For_range):

> "1. For a nil slice, the number of iterations is 0."
> "3. If the map is nil, the number of iterations is 0."

`len` returns 0 if the slice or map is nil
(https://pkg.go.dev/builtin#len). Therefore, checking `len(v) > 0`
before a loop is unnecessary.

---

At the time of writing this pull request, there wasn't a lint rule that
catches these issues. The closest I could find is
https://staticcheck.dev/docs/checks/#S103

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2023-10-06 14:49:37 +08:00
JakobDev
f2b2608a86
Don't let API add 2 exclusive labels from same scope (#27433)
Fixes #27380
2023-10-05 03:37:36 +00:00
wxiaoguang
9f8d59858a
Refactor system setting (#27000)
This PR reduces the complexity of the system setting system.

It only needs one line to introduce a new option, and the option can be
used anywhere out-of-box.

It is still high-performant (and more performant) because the config
values are cached in the config system.
2023-10-05 09:08:19 +08:00