0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-11-28 13:22:47 +01:00
Commit graph

18235 commits

Author SHA1 Message Date
wxiaoguang
ef339713c2
Refactor internal routers (partial backport, auth token const time comparing) (#32473) (#32479)
Partially backport #32473. LFS related changes are not in 1.22, so skip
them.

1. Ignore non-existing repos during migrations
2. Improve ReadBatchLine's comment
3. Use `X-Gitea-Internal-Auth` header for internal API calls and make
the comparing constant time (it wasn't a serous problem because in a
real world it's nearly impossible to timing-attack the token, but indeed
security related and good to fix and backport)
4. Fix route mock nil check
2024-11-13 10:26:37 +08:00
wxiaoguang
26437a03b0
Disable Oauth check if oauth disabled (#32368) (#32480)
Partially backport Disable Oauth check if oauth disabled #32368
2024-11-12 06:09:47 +00:00
Giteabot
b48df1082e
cargo registry - respect renamed dependencies (#32430) (#32478)
Backport #32430 by usbalbin

Co-authored-by: Albin Hedman <albin9604@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-12 03:26:26 +00:00
Giteabot
eb5733636b
Fix broken releases when re-pushing tags (#32435) (#32449)
Backport #32435 by @Zettat123

Fix #32427

---------

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-11-10 23:49:59 +00:00
Giteabot
62d8433194
Fix mermaid diagram height when initially hidden (#32457) (#32464)
Backport #32457 by @silverwind

In a hidden iframe, `document.body.clientHeight` is not reliable. Use
`IntersectionObserver` to detect the visibility change and update the
height there.

Fixes: https://github.com/go-gitea/gitea/issues/32392

<img width="885" alt="image"
src="https://github.com/user-attachments/assets/a95ef6aa-27e7-443f-9d06-400ef27919ae">

Co-authored-by: silverwind <me@silverwind.io>
2024-11-11 04:05:42 +08:00
Giteabot
22a93c1cdc
Only provide the commit summary for Discord webhook push events (#32432) (#32447)
Backport #32432 by @kemzeb

Resolves #32371.

#31970 should have just showed the commit summary, but
`strings.SplitN()` was misused such that we did not perform any
splitting at all and just used the message. This was not caught in the
unit test made in that PR since the test commit summary was > 50 (which
truncated away the commit description).

This snapshot resolves this and adds another unit test to ensure that we
only show the commit summary.

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
2024-11-08 09:13:49 +08:00
Lunny Xiao
16e51e91a1
Only query team tables if repository is under org when getting assignees (#32414) (#32426)
backport #32414 

It's unnecessary to query the team table if the repository is not under
organization when getting assignees.
2024-11-06 11:22:11 +08:00
wxiaoguang
936847b3da
Quick fix milestone deadline 9999 for 1.22 (#32423) 2024-11-05 14:13:19 +08:00
Lunny Xiao
7430d069b3
Fix created_unix for mirroring (#32342) (#32406)
Fix #32233
Backport #32342
2024-11-05 11:43:30 +08:00
Lunny Xiao
a3b7b98336
Fix broken image when editing comment with non-image attachments (#32319) (#32345)
Backport #32319 

Fix #32316

---------

Co-authored-by: yp05327 <576951401@qq.com>
2024-11-02 13:34:09 +08:00
Zettat123
898f852d03
Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32365) (#32397)
Backport #32365

Fix #28121

I did some tests and found that the `missing signature key` error is
caused by an incorrect `Content-Type` header. Gitea correctly sets the
`Content-Type` header when serving files.


348d1d0f32/routers/api/packages/container/container.go (L712-L717)
However, when `SERVE_DIRECT` is enabled, the `Content-Type` header may
be set to an incorrect value by the storage service. To fix this issue,
we can use query parameters to override response header values.

https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html <img
width="600px"

src="https://github.com/user-attachments/assets/f2ff90f0-f1df-46f9-9680-b8120222c555"
/>

In this PR, I introduced a new parameter to the `URL` method to support
additional parameters.

```
URL(path, name string, reqParams url.Values) (*url.URL, error)
```
2024-11-01 03:53:59 +00:00
6543
9d62d7a443
Respect UI.ExploreDefaultSort setting again (#32357) (#32385)
Backport #32357

fix regression of https://github.com/go-gitea/gitea/pull/29430

---
*Sponsored by Kithara Software GmbH*
2024-10-31 13:49:09 +08:00
Lunny Xiao
bf53ab26fa
Fix disable 2fa bug (#32320) (#32330)
Backport #32320
2024-10-25 17:54:56 +08:00
Zettat123
0d11ba93dd
Fix the permission check for user search API and limit the number of returned users for /user/search (#32310)
Partially backport #32288

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-10-23 04:56:13 +00:00
Lunny Xiao
b7d12347f3
Add warn log when deleting inactive users (#32318) (#32321)
Backport #32318 

Add log for the problem #31480
2024-10-23 10:48:42 +08:00
6543
b6f8372d7d
API: enhance SearchIssues swagger docs (#32208) (#32298)
Backport  #32208

This will result in better api clients generated out of the openapi docs for SearchIssues

---
*Sponsored by Kithara Software GmbH*
2024-10-21 08:32:34 +08:00
YR Chen
0c12252c23
Update github.com/go-enry/go-enry to v2.9.1 (#32295) (#32296)
Backport #32295

`go-enry` v2.9.1 includes latest file patterns from Linguist, which can
identify more generated file type, eg. `pdm.lock`.
2024-10-21 02:12:51 +08:00
Zettat123
99cac1f50c
Always update expiration time when creating an artifact (#32281) (#32285)
Backport #32281

Fix #32256
2024-10-18 10:36:23 +08:00
a1012112796
2a99607add
make show stats work when only one file changed (#32244) (#32268)
Backport #32244

fix https://github.com/go-gitea/gitea/issues/32226

in https://github.com/go-gitea/gitea/pull/27775 , it do some changes to
only show diff file tree when more than one file changed. But looks it
also break the `diff-file-list` logic, which looks not expected change.
so try fix it.

/cc @silverwind

example view:

![image](https://github.com/user-attachments/assets/281e9c4f-a269-4d36-94eb-a132058aea87)

Signed-off-by: a1012112796 <1012112796@qq.com>
2024-10-17 08:03:21 +00:00
cloudchamb3r
c1023b97aa
[v1.22 backport] Fix null errors on conversation holder (#32258) (#32266) (#32282)
Backport #32266

fix #32258

Errors in the issue was due to unhandled null check. so i fixed it.

### Detailed description for Issue & Fix
To reproduce that issue, the comment must be deleted on Conversation
tab.
#### Before Delete
<img width="1032" alt="image"

src="https://github.com/user-attachments/assets/72df61ba-7db6-44c9-bebc-ca1178dd27f1">

#### After Delete (AS-IS)
<img width="1010" alt="image"

src="https://github.com/user-attachments/assets/36fa537e-4f8e-4535-8d02-e538c50f0dd8">

gitea already have remove logic for `timeline-item-group`, but because
of null ref exception the later logic that removes `timeline-item-group`
could be not be called correctly.
2024-10-17 13:34:39 +08:00
wxiaoguang
7e0fd4c208
Warn users when they try to use a non-root-url to sign in/up (#32272) (#32273) 2024-10-17 09:01:44 +08:00
wxiaoguang
db7349bc0d
Make owner/repo/pulls handlers use "PR reader" permission (#32254) (#32265)
Backport #32254 (no conflict)
2024-10-15 22:32:54 +08:00
Zettat123
55562f9c79
Update scheduled tasks even if changes are pushed by "ActionsUser" (#32246) (#32252)
Backport #32246

Fix #32219

Co-authored-by: delvh <dev.lh@web.de>
2024-10-14 16:55:16 +08:00
Giteabot
24b65f122a
Only rename a user when they should receive a different name (#32247) (#32249)
Backport #32247 by @lunny

Fix #31996

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-10-13 19:27:37 +00:00
Giteabot
bcfe1f91d2
Fix dropdown content overflow (#31610) (#32250)
Backport #31610 by charles7668

close #31602 

Co-authored-by: charles <30816317+charles7668@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-10-13 03:46:55 +00:00
Giteabot
f15d5f0c4a
Fix checkbox bug on private/archive filter (#32236) (#32240)
Backport #32236 by cloudchamb3r

fix #32235

Co-authored-by: cloudchamb3r <jizon0123@protonmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-10-11 21:13:09 +08:00
Lunny Xiao
494017e478
Add release note for v1.22.3 (#32205)
Co-authored-by: sebastian-sauer <sauer.sebastian@gmail.com>
2024-10-09 11:23:48 +08:00
Lunny Xiao
56051d9b3b
Fix bug when a token is given public only (#32204) (#32218)
Backport #32204
2024-10-09 02:16:37 +00:00
Giteabot
4815c4aeae
Add null check for responseData.invalidTopics (#32212) (#32217)
Backport #32212 by @cloudchamb3r

<img width="553" alt="Screenshot 2024-10-08 at 10 49 10 AM"
src="https://github.com/user-attachments/assets/faeef64d-684a-4aba-b7fc-c7c6a0301abe">

`responseData.invalidTopics` can be null but it wasn't handled.

Co-authored-by: cloudchamb3r <jizon0123@protonmail.com>
2024-10-09 09:18:29 +08:00
Lunny Xiao
2e3a191097
Fix javascript error when an anonymous user visiting migration page (#32144) (#32179)
backport #32144

This PR fixes javascript errors when an anonymous user visits the
migration page.
It also makes task view checking more restrictive.

The router moved from `/user/task/{id}/status` to
`/username/reponame/-/migrate/status` because it's a migrate status.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-10-04 17:58:04 +00:00
Giteabot
361221c531
Fixed race condition when deleting documents by repoId in ElasticSearch (#32185) (#32188)
Backport #32185 by @bsofiato

Resolves #32184

Signed-off-by: Bruno Sofiato <bruno.sofiato@gmail.com>
Co-authored-by: Bruno Sofiato <bruno.sofiato@gmail.com>
2024-10-03 16:33:26 +00:00
Lunny Xiao
d86433cce2
Don't init singing keys if oauth2 provider disabled (#32177)
Backport #32148
2024-10-03 11:34:56 -04:00
Lunny Xiao
85897f9b28
Upgrade some dependencies include minio-go (#32166)
backport #32156

Co-authored-by: Manuel Valls Fernández <manuel@valls.dev>
2024-10-03 02:08:06 +00:00
Giteabot
4703e5270f
Ensure GetCSRF doesn't return an empty token (#32130) (#32157)
Backport #32130 by @wolfogre

Since page templates keep changing, some pages that contained forms with
CSRF token no longer have them.

It leads to some calls of `GetCSRF` returning an empty string, which
fails the tests. Like


3269b04d61/tests/integration/attachment_test.go (L62-L63)

The test did try to get the CSRF token and provided it, but it was
empty.

Co-authored-by: Jason Song <i@wolfogre.com>
2024-10-01 05:27:37 +00:00
Giteabot
9fc3915e04
Fix the logic of finding the latest pull review commit ID (#32139) (#32165)
Backport #32139 by @Zettat123

Fix #31423

Co-authored-by: Zettat123 <zettat123@gmail.com>
2024-10-01 13:10:03 +09:00
Lunny Xiao
a4a6c785b4
Don't join repository when loading action table data (#32127) (#32143)
backport #32127
2024-09-30 11:04:08 +08:00
Giteabot
634454c48c
Fix wrong status of Set up Job when first step is skipped (#32120) (#32125)
Backport #32120 by @yp05327

Fix #32089

Co-authored-by: yp05327 <576951401@qq.com>
2024-09-25 10:19:35 +08:00
Zettat123
737c947287
Fix bug in getting merged pull request by commit (#32079) (#32117)
Backport #32079

Fix #32027
2024-09-25 00:12:02 +08:00
Giteabot
1ef74004a2
Fix bug when deleting a migrated branch (#32075) (#32123)
Backport #32075 by @lunny

After migrating a repository with pull request, the branch is missed and
after the pull request merged, the branch cannot be deleted.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-24 17:01:05 +08:00
Giteabot
5c73da7c54
Include collaboration repositories on dashboard source/forks/mirrors list (#31946) (#32122)
Backport #31946 by @lunny

Fix #13489

In the original implementation, only `All` will display your owned and
collaborated repositories. For other filters like `Source`, `Mirrors`
and etc. will only display your owned repositories.

This PR removed the limitations. Now except `collbrations`, other
filters will always display your owned and collaborated repositories.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-24 15:17:30 +08:00
Giteabot
a32aaf4d43
Truncate commit message during Discord webhook push events (#31970) (#32121)
Backport #31970 by @kemzeb

Resolves #31668.

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
2024-09-24 13:28:01 +08:00
Giteabot
0f834f052b
Allow set branch protection in an empty repository (#32095) (#32119)
Backport #32095 by @lunny

Resolve #32093

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-24 11:42:52 +09:00
Giteabot
a3c660f89a
Fix panic when cloning with wrong ssh format. (#32076) (#32118)
Backport #32076 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-24 01:58:58 +00:00
Giteabot
d5d5fb1925
Fix Bug in Issue/pulls list (#32081) (#32115) 2024-09-24 01:26:10 +00:00
Giteabot
ae37f31df6
use rebuilt mssql-2017 image (#32109) (#32114)
Backport #32109 by @techknowlogick

Co-authored-by: techknowlogick <techknowlogick@gitea.com>
2024-09-23 21:23:04 +00:00
Giteabot
1f8cbbab3d
Fix rename branch permission bug (#32066) (#32108)
Backport #32066 by @lunny

The previous implementation requires admin permission to rename branches
which should be write permission.

Fix #31993

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-22 19:43:13 +00:00
Giteabot
af0cab23ea
Fix wrong last modify time (#32102) (#32104)
Backport #32102 by @lunny

Fix #31930 and more places which use `http.TimeFormat` wrongly.
`http.TimeFormat` requires a UTC time. refer to
https://pkg.go.dev/net/http#TimeFormat

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-22 19:12:57 +00:00
Giteabot
73066e3f97
Add bin to Composer Metadata (#32099) (#32106)
Backport #32099 by @maantje

This PR addresses the missing `bin` field in Composer metadata, which
currently causes vendor-provided binaries to not be symlinked to
`vendor/bin` during installation.

In the current implementation, running `composer install` does not
publish the binaries, leading to issues where expected binaries are not
available.

By properly declaring the `bin` field, this PR ensures that binaries are
correctly symlinked upon installation, as described in the [Composer
documentation](https://getcomposer.org/doc/articles/vendor-binaries.md).

Co-authored-by: Jamie Schouten <j4mie@hey.com>
2024-09-22 18:42:02 +00:00
Giteabot
919b82461a
Fix incorrect /tokens api (#32085) (#32092)
Backport #32085 by @KN4CK3R

Fixes #32078

- Add missing scopes output.
- Disallow empty scope.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-09-22 18:02:09 +00:00
Lunny Xiao
69ba37e9fd
Fix mssql ci with a new mssql version on ci (#32094)
backport from https://github.com/go-gitea/gitea/pull/32060
2024-09-23 01:32:26 +08:00