Commit graph

11664 commits

Author SHA1 Message Date
zeripath cbf30830d2
Add missing SameSite settings for the i_like_gitea cookie (#16037)
The i_like_gitea cookie appears to be missing the SameSite settings. I think they
were present at some point but may have been removed in a merge.

This PR ensures that they are set.

Fix #15972

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-31 14:22:36 -04:00
zeripath 7a484c0788
Hide mirror passwords on repo settings page (#16022)
This PR simply hides mirror passwords from being displayed on the repo settings page.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-31 11:46:20 +01:00
Norwin cb940c4312
Encrypt migration credentials at rest (#15895)
* encrypt migration credentials in task persistence

Not sure this is the best approach, we could encrypt the entire
`PayloadContent` instead. Also instead of clearing individual fields in
payload content, we could just delete the task once it has
(successfully) finished..?

* remove credentials of past migrations

* only run DB migration for completed tasks

* fix binding

* add omitempty

* never serialize unencrypted credentials

* fix import order

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-05-31 04:25:47 -04:00
zeripath 256b1a3561
Fix bug in reverse proxy (#16026)
Unfortunately go panics you try to cast a nil interface{} as another primitive
therefore you need to check interfaces are not nil before casting.

Fix #16025

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-31 02:54:16 -04:00
zeripath 3183a465d7
Make modules/context.Context a context.Context (#16031)
* Make modules/context.Context a context.Context

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Simplify context calls

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Set the base context for requests to the HammerContext

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-05-31 02:18:11 -04:00
GiteaBot 518ed504ef [skip ci] Updated translations via Crowdin 2021-05-31 00:11:22 +00:00
silverwind 37205039fc
Replace clipboard.js with async clipboard api (#15899)
Use async clipboard api [1] over this dependency, saving around 10kB
bundle size before minify while delivering the same functionality.

The issue comment button works but does not have a popup indication. We
could add some toast-style notifications in the future to fix that but I
think it's out of scope of this PR.

[1] https://developer.mozilla.org/en-US/docs/Web/API/Clipboard/writeText
2021-05-30 20:15:57 +01:00
zeripath 36dce0e457
Close the dataRC reader sooner (#16023)
Fix #15932

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-30 17:38:44 +01:00
Lunny Xiao effad26c0e
Improve assets handler middleware (#15961)
* Use route to serve assets but not middleware

* Fix build error with bindata tag

* convert path to absolute

* fix build

* reduce function stack

* Add tests for assets

* Remove test for assets because they are not generated

* Use a http function to serve assets

* Still use middleware to serve assets then less middleware stack for assets

* Move serveContent to original position

* remove unnecessary blank line change

* Fix bug for /assets* requests

* clean code

Co-authored-by: zeripath <art27@cantab.net>
2021-05-30 18:25:11 +08:00
Jimmy Praet d79c8bc302
Don't manipulate input params in email notification (#16011) 2021-05-30 10:38:38 +01:00
GiteaBot d8c99c64d5 [skip ci] Updated licenses and gitignores 2021-05-30 00:11:22 +00:00
Lunny Xiao a9daebca22
Fix get tag when migration (#16014)
Co-authored-by: zeripath <art27@cantab.net>
2021-05-29 16:04:58 -04:00
KN4CK3R efe77eec85
Unified custom config creation (#16012)
* Unified custom config creation.

* Fixed log message.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-29 19:44:14 +01:00
Kyle D 2a998048ef
Remove New PR button in PRs (#15998) 2021-05-29 22:00:02 +08:00
BoYanZh fb6c6895fa
fix get OS on some of the windows computers (#16007) 2021-05-29 08:37:21 +01:00
GiteaBot 461915daa6 [skip ci] Updated translations via Crowdin 2021-05-29 00:11:33 +00:00
Kyle D a5d8f58341
Update queue workers for v1.15 (#15999)
* Update queue workers for v1.15

* update app.example.ini

* update re queue path

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-05-28 13:33:52 -04:00
GiteaBot e39e79d3ff [skip ci] Updated translations via Crowdin 2021-05-28 00:11:34 +00:00
Jimmy Praet c9480c5f60
Add links to toggle WIP status (#14677)
* Add links to toggle PR WIP status

* Allow PR author to toggle WIP status

* refactors and restyling, remove links from translations

Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: silverwind <me@silverwind.io>
2021-05-27 22:02:04 +02:00
zeripath 6d6a65cf5c
Allow Token/Basic auth on raw paths (#15987)
It appears that people have been using token authentication to navigate to raw paths
and recent changes have broken this. Whilst ideally these paths would not be being used
like this - it was not the intention to be a breaking change.

This PR restores access to these paths.

Fix #13772

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-27 19:46:11 +01:00
a1012112796 b27a9d43a5
add permission check for `GenerateRepository` (#15946)
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-05-27 12:08:46 -04:00
Kyle D c61b460038
Fix extra curly brace breaking release compare (#15988) 2021-05-26 21:07:39 -04:00
zeripath 6d39053711
Fix setting of SameSite on cookies (#15989)
Fix #15972

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-26 21:01:07 -04:00
techknowlogick 568fe8c595
follow redirect when fetching theme archive (#15986) 2021-05-26 18:03:39 -04:00
a1012112796 d1dbbf43b0
not show link to migration on repo reate page when it was disabled (#15957)
* not show link to migration on repo reate page when it was disabled

Signed-off-by: a1012112796 <1012112796@qq.com>

* fix lint

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-26 12:13:00 -04:00
zeripath c1a80b7d6a
Use filepath.ToSlash and Join in indexer defaults and queues (#15971)
As revealed by #15964 there is inconsistent use of filepath Join and path Join
for these directories. The best thing to do is to use filepath.Join but then ToSlash
them for consistency.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2021-05-25 22:50:35 -04:00
GiteaBot b59afa272f [skip ci] Updated translations via Crowdin 2021-05-26 00:04:32 +00:00
fnetX (aka fralix) d5f20104da
Remove branch URL before IssueRefURL (#15968)
Revert change for account / org dashboard where IssueRefURLs do not
contain the full repo URL (case RepoLink is not true)

Co-authored-by: Norwin <noerw@users.noreply.github.com>

Remove trailing whitespace from PR review
2021-05-25 16:02:37 -04:00
Viktor Yakovchuk 5285a3e70e
Add possibility to make branch in branch page (#15960)
* Add possibility to make branch in branch page (#15911)

Add possibility to make branch in branch page
in the area next to Download and Delete buttons.
It is a more intuitive place in the interface
compared to what is already there.

Signed-off-by: Viktor Yakovchuk <viktor@yakovchuk.net>

* Update templates/repo/branch/list.tmpl

Co-authored-by: zeripath <art27@cantab.net>
2021-05-24 15:57:46 +01:00
zeripath 3aaf64885f
Change default queue settings to be low go-routines (#15964)
This PR suggests a change to the default configuration for queues:

* Use a common DATADIR for the queues
* Set starting workers to 0 and make boost a single worker

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-24 02:23:55 +03:00
KN4CK3R 6021fbfe7a
Make tasklist checkboxes clickable (#15791)
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-05-23 17:14:03 +03:00
silverwind b4d10598c9
Remove fomantic accordion module (#15951)
Replace it with native <detail> element. Did some slight restyling on
the release downloads, new behaviour should be exactly the same
otherwise.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-23 08:45:39 +08:00
silverwind 308b562b3c
Remove remaining fontawesome usage in templates (#15952)
Can not remove the dependency yet because easymde depends on it.
2021-05-22 23:29:46 +02:00
Ikko Ashimine 5c7e2f47b7
Update pull_request_template.md (#15948)
Branch name
- master -> main
2021-05-22 10:46:33 -04:00
KN4CK3R 77fa7146c6
Add email headers (#15939)
* Added additional email headers.

* Added tests.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-05-22 14:47:16 +08:00
silverwind be745be0a4
Double the avatar size factor (#15941)
* Double the avatar size factor

This results on finer Avatar rendering on Hi-DPI display.

* fix test

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-21 21:18:43 -04:00
GiteaBot 44d76ff7cb [skip ci] Updated translations via Crowdin 2021-05-22 00:04:28 +00:00
Patrick Schratz d957a1569a
Bump postgres and mysql versions (#15710)
* bump postgres and mysql DB versions

* posgres test against v10

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-21 18:11:48 -04:00
a1012112796 fec8324026
add a new internal hook to save ssh log (#15787)
* add a new internal hook to save ssh log

as title, when a ssh error ocure like #15785.
only when switch ``RUN_MODE`` to dev can we
found which error is ocure. But this way is
not a good idea for production envirment.

this changes try save ssh error mesage to the
log file like other log by a new internal hook.
I think it's usefull for find error message
in production envirment. Thanks.

Signed-off-by: a1012112796 <1012112796@qq.com>

* rename and fix nit

* Update modules/private/hook.go

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-21 17:37:16 -04:00
Norwin 35b0c8aa7d
fix default avatar url (#15938) 2021-05-21 13:03:27 -04:00
Steven d6d2444f2a
Add curl to rootless docker image (#15908)
Signed-off-by: JustusBunsi <61625851+justusbunsi@users.noreply.github.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-05-21 00:03:41 -04:00
sebastian-sauer 90eeb6363c
Fix layout of milestone view (#15927)
fix #15047

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-20 17:53:55 -04:00
silverwind 9b7d692e9e
Use node 16 on release tasks too (#15936)
Forgot these in https://github.com/go-gitea/gitea/pull/15804.
2021-05-20 16:37:20 -04:00
zeripath 17be645498
Encrypt LDAP bind password in db with SECRET_KEY (#15547)
* Encrypt LDAP bind password in db with SECRET_KEY

The LDAP source bind password are currently stored in plaintext in the db
This PR simply encrypts them with the setting.SECRET_KEY.

Fix #15460

Signed-off-by: Andrew Thornton <art27@cantab.net>

* remove ui warning regarding unencrypted password

Co-authored-by: silverwind <me@silverwind.io>
2021-05-20 09:29:57 +01:00
GiteaBot 124b256c53 [skip ci] Updated translations via Crowdin 2021-05-20 00:25:08 +00:00
silverwind c636ef8f1d
Disable legal comments in esbuild (#15929)
We already serve licenses.txt so we don't need these inline comments
preserved during esbuild minification. Saves around 4kB before gzip.
2021-05-19 22:46:30 +01:00
Norwin e542b416a7
api: fix overly strict edit pr permissions (#15900)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-05-19 10:48:48 -04:00
silverwind 370cfde35e
Fix and restyle menu on code line (#15913)
* Fix and restyle menu on code line

* fix multiline and more tweaks

* move to separate files

* remove has-context-menu class

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-18 23:16:02 -04:00
zeripath 0e56e9c9d9
Restore token authentication for git http when 2FA active (#15915)
There was a small regression in #15303 whereby token auth
with 2FA active would be disallowed.

This PR fixes this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-05-18 22:30:33 -04:00
GiteaBot 825547b20e [skip ci] Updated translations via Crowdin 2021-05-19 00:25:09 +00:00