Commit graph

16924 commits

Author SHA1 Message Date
Nanguan Lin 6a725b6f9c
Remove deadcode under models/issues (#28536)
Using the Go Official tool `golang.org/x/tools/cmd/deadcode@latest`
mentioned by [go blog](https://go.dev/blog/deadcode).
Just use `deadcode .` in the project root folder and it gives a list of
unused functions. Though it has some false alarms.
This PR removes dead code detected in `models/issues`.
2023-12-19 20:12:02 +01:00
Lunny Xiao e7cb8da2a8
Always enable caches (#28527)
Nowadays, cache will be used on almost everywhere of Gitea and it cannot
be disabled, otherwise some features will become unaviable.

Then I think we can just remove the option for cache enable. That means
cache cannot be disabled.
But of course, we can still use cache configuration to set how should
Gitea use the cache.
2023-12-19 09:29:05 +00:00
Lunny Xiao 4eb2a29910
Improve ObjectFormat interface (#28496)
The 4 functions are duplicated, especially as interface methods. I think
we just need to keep `MustID` the only one and remove other 3.

```
MustID(b []byte) ObjectID
MustIDFromString(s string) ObjectID
NewID(b []byte) (ObjectID, error)
NewIDFromString(s string) (ObjectID, error)
```

Introduced the new interfrace method `ComputeHash` which will replace
the interface `HasherInterface`. Now we don't need to keep two
interfaces.

Reintroduced `git.NewIDFromString` and `git.MustIDFromString`. The new
function will detect the hash length to decide which objectformat of it.
If it's 40, then it's SHA1. If it's 64, then it's SHA256. This will be
right if the commitID is a full one. So the parameter should be always a
full commit id.

@AdamMajer Please review.
2023-12-19 07:20:47 +00:00
David Øvrelid 128eac9e0b
Fix duplicate ID when deleting repo (#28520)
There is an accessibility issue in the interface when attempting to
delete a repository. When I click on "Delete repository," a dialog box
appears, requiring confirmation to proceed with the repository deletion.
However, when I press the "Repo name" label, the wrong input field gains
focus. The focused field is located behind the dialog and is intended
for renaming the repository.
2023-12-19 04:40:05 +00:00
Bo-Yi Wu 14ffdf6173
chore(api): support ignore password if login source type is LDAP for creating user API (#28491)
- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-12-19 02:32:45 +00:00
wxiaoguang 11f0519ad8
Update go dependencies (#28518)
Update golang.org/x/crypto for CVE-2023-48795 and update other packages.
`go-git` is not updated because it needs time to figure out why some
tests fail.
2023-12-19 09:18:42 +08:00
Yevhen Pavlov cd2ff6e83d
Bump google/go-github to v57 (#28514) 2023-12-18 15:42:04 -06:00
yp05327 4ea522fecf
Only check online runner when detecting matching runners in workflows (#28286)
Mentioned:
[#28277](https://github.com/go-gitea/gitea/issues/28277#issuecomment-1831325276)

We should only check online runner when detecting matching runners in
workflows,
as if runner is not online, the workflow will not run.


![image](https://github.com/go-gitea/gitea/assets/18380374/11855e9d-7241-4b7a-b8d7-49dbb94ba1c5)
2023-12-18 16:06:19 +00:00
Earl Warren e02095c5b6
Add orphaned topic consistency check (#28507)
- If a topic has zero repository count, it means that none of the
repositories are using that topic, that would make them 'useless' to
keep. One caveat is that if that topic is going to be used in the
future, it will be added again to the database, but simply with a new
ID.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1964

Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-12-18 15:32:08 +00:00
wxiaoguang bf8b082c40
Improve the prompt for "ssh-keygen sign" (#28509)
Close #28505, ref:
* https://github.com/go-gitea/gitea/pull/20112#issuecomment-1165423026
* https://github.com/go-gitea/gitea/issues/28505#issuecomment-1860048116
2023-12-18 22:53:04 +08:00
GiteaBot 69f2b698c5 [skip ci] Updated translations via Crowdin 2023-12-18 00:25:45 +00:00
wxiaoguang 20929edc99
Add option to disable ambiguous unicode characters detection (#28454)
* Close #24483
* Close #28123
* Close #23682
* Close #23149

(maybe more)
2023-12-17 14:38:54 +00:00
Lunny Xiao 408a484224
Adjust object format interface (#28469)
- Remove `ObjectFormatID`
- Remove function `ObjectFormatFromID`.
- Use `Sha1ObjectFormat` directly but not a pointer because it's an
empty struct.
- Store `ObjectFormatName` in `repository` struct
2023-12-17 11:56:08 +00:00
The Magician 7fb6b51470
Remove duplicate option in admin screen and now-unused translation keys (#28492)
Resolves https://github.com/go-gitea/gitea/issues/28451.

This change follows the recommendation by wxiaoguang to remove the
"Disable Minimum Key Size Check" from the "Service Configuration"
section of the UI, because this option belongs to the "SSH
Configuration" section of the administration menu and already has a
functioning indicator in that section of the UI.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-17 04:33:37 +00:00
GiteaBot 72529d6e64 [skip ci] Updated translations via Crowdin 2023-12-17 00:26:56 +00:00
Earl Warren 9a15267871
Initalize stroage for orphaned repository doctor (#28487)
- When a repository is orphaned and has objects stored in any of the
storages such as repository avatar or attachments the delete function
would error, because the storage module wasn't initalized.
- Add code to initialize the storage module.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1954

Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-12-16 12:17:39 +00:00
Kyle D b8490d59de
Update docs for DISABLE_QUERY_AUTH_TOKEN (#28485)
As described
[here](https://github.com/go-gitea/gitea/pull/28390#issuecomment-1857553331).
2023-12-15 21:54:35 -05:00
wxiaoguang 047c69bd85
Improve CLI code and descriptions (#28482)
* Close #28444 
* Actually, it doesn't need to use that trick because it looks like it
is not necessary, no user really needs it
* Remove the hidden (legacy) "doctor" subcommand and update documents
* Fix "actions" usage


![image](https://github.com/go-gitea/gitea/assets/2114189/3c2b34a7-4f92-4a6c-96fd-9505e413d4ec)
2023-12-15 15:49:01 +00:00
yp05327 3849fd2ac2
Remove unnecessary forgot password link in delete user section (#28355)
Before:
<img width="458" alt="image"
src="https://github.com/go-gitea/gitea/assets/18380374/92815496-38cc-4bb9-9182-1509a72b07f6">

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/d96ed908-47ad-44cc-a624-4c10fa8c8c86)
2023-12-15 14:13:55 +00:00
wxiaoguang 4f04ab2586
Refactor SSH clone URL generation code (#28421)
Refactor the code and add tests, keep the old logic.
2023-12-15 06:18:12 +00:00
wxiaoguang 6632d1497c
Polyfill SubmitEvent for PaleMoon (#28441) 2023-12-15 07:26:36 +08:00
CaiCandong 8c91e31540
Fix Chinese translation of config cheat sheet[API] (#28472) 2023-12-15 00:00:04 +08:00
sebastian-sauer e08f1a9cbd
Add combined index for issue_user.uid and issue_id (#28080)
fixes #27877

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-12-14 09:26:59 +00:00
wxiaoguang e85db6c8c3
Fix documents for "custom/public/assets/" (#28465)
Fix #28463
2023-12-14 08:52:16 +00:00
wxiaoguang 9947af639c
Only use SHA256 feature when git >= 2.42 (#28466)
And fix some comments
2023-12-14 16:51:05 +08:00
nekrondev 52046b934d
Retry SSH key verification with additional CRLF if it failed (#28392)
Windows-based shells will add a CRLF when piping the token into
ssh-keygen command resulting in
verification error. This resolves #21527.

---------

Co-authored-by: Heiko Besemann <heiko.besemann@qbeyond.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-14 02:39:32 +00:00
Adam Majer cbf923e87b
Abstract hash function usage (#28138)
Refactor Hash interfaces and centralize hash function. This will allow
easier introduction of different hash function later on.

This forms the "no-op" part of the SHA256 enablement patch.
2023-12-13 21:02:00 +00:00
KN4CK3R 064f05204c
Add endpoint for not implemented Docker auth (#28457)
Recently Docker started to use the optional `POST /v2/token` endpoint
which should respond with a `404 Not Found` status code instead of the
current `405 Method Not Allowed`.

> Note: Not all token servers implement oauth2. If the request to the
endpoint returns 404 using the HTTP POST method, refer to Token
Documentation for using the HTTP GET method supported by all token
servers.
2023-12-13 15:23:53 -05:00
David Hulick 73047854c0
docs: Update group membership fields to match application. (#28175)
Several fields in the "Verify group membership in LDAP" docs were
confusingly titled when compared to the actual fields in the
application, this change rectifies that by matching the docs to the
fields already present in gitea.

Signed-off-by: David Hulick <dave.hulick@gmail.com>
2023-12-13 07:14:37 +00:00
GiteaBot c229e6519b [skip ci] Updated translations via Crowdin 2023-12-13 00:24:37 +00:00
KN4CK3R ff5106d700
Fix possible nil pointer access (#28428)
There could be a nil pointer exception if the file is not found because
that specific error is suppressed but not handled.
2023-12-12 13:51:33 +00:00
wxiaoguang 0a794b2bcd
Don't show unnecessary citation JS error on UI (#28433)
Fix #28226
2023-12-12 11:31:11 +00:00
Lunny Xiao 717d0f5934
Do some missing checks (#28423) 2023-12-12 05:01:17 +00:00
Jack Hay 4e879fed90
Deprecate query string auth tokens (#28390)
## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example: 
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-12-12 03:48:53 +00:00
GiteaBot baea205675 [skip ci] Updated translations via Crowdin 2023-12-12 00:25:05 +00:00
KN4CK3R 4b0940cb9f
Let curl write the content to file (#28427) 2023-12-12 07:19:30 +08:00
wxiaoguang f2a309e6c8
Improve doctor cli behavior (#28422)
1. Do not sort the "checks" slice again and again when "Register", it
just wastes CPU when the Gitea instance runs
2. If a check doesn't exist, tell the end user
3. Add some tests
2023-12-11 15:55:10 +00:00
Lunny Xiao 537fa69962
Second part of refactor db.Find (#28194)
Continue of #27798 and move more functions to `db.Find` and `db.Count`.
2023-12-11 16:56:48 +08:00
yp05327 0abb5633e3
Fix commit status in repo list (#28412)
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/00edf23a-aee1-4177-a12c-bd03ae14e65e)

![image](https://github.com/go-gitea/gitea/assets/18380374/0663e443-682c-4a68-b14e-a0fa0e4c3716)
`TestOrg/testactions` does have commit status, but won't display in
`All`

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/7231db29-9c4e-484f-afa2-87db19be19b8)

Same to #26179.
2023-12-11 06:19:57 +00:00
GiteaBot 5b2bbf1a1f [skip ci] Updated licenses and gitignores 2023-12-11 00:25:45 +00:00
Earl Warren fab73e4a3a
Actually recover from a panic in cron task (#28409)
- Currently there's code to recover gracefully from panics that happen
within the execution of cron tasks. However this recover code wasn't
being run, because `RunWithShutdownContext` also contains code to
recover from any panic and then gracefully shutdown Forgejo. Because
`RunWithShutdownContext` registers that code as last, that would get run
first which in this case is not behavior that we want.
- Move the recover code to inside the function, so that is run first
before `RunWithShutdownContext`'s recover code (which is now a noop).

Fixes: https://codeberg.org/forgejo/forgejo/issues/1910

Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-12-10 20:15:06 +00:00
Lunny Xiao 9a99c17a14
Fix missing check (#28406) 2023-12-10 21:37:10 +02:00
Lunny Xiao aeb383025f
Also sync DB branches on push if necessary (#28361)
Fix #28056 

This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.

The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.

For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.

For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.
2023-12-09 13:30:56 +00:00
Lunny Xiao 27c05069a6
Remove stale since giteabot has similiar feature (#28401)
Replace #27447
2023-12-09 13:38:46 +02:00
GiteaBot 80baac19f2 [skip ci] Updated translations via Crowdin 2023-12-09 00:24:26 +00:00
Panagiotis "Ivory" Vasilopoulos 18ba1c6d00
Improve text in Security settings (#28393)
- en-US: Rename "Scratch Tokens" to "single-use recovery keys".
  Longer, but clearer.
- Improve titles
- TOTP: Improve description
- TOTP: Inform user about Scratch Tokens to encourage TOTP usage
- WebAuthn: Add loss of access warning
2023-12-08 00:38:55 +02:00
John Olheiser 4bf5653584
Fix Docker meta action for releases (#28232)
Should fix #28229 and #28230 for next release.

Assuming I'm reading the docs correctly for the docker meta action:

https://github.com/docker/metadata-action#flavor-input
https://github.com/docker/metadata-action#latest-tag

1. We want `latest=false` for the RCs.
2. `latest` should happen already due to `auto` mode, however there's an
extra option for the `suffix` flavor.

This PR is ready, but leaving it as draft to make sure someone
double-checks my sleuth-work.

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-12-07 12:42:58 -05:00
Adam Majer d9c19899cd
Make gogit Repository.GetBranchNames consistent (#28348) 2023-12-07 12:08:17 -05:00
Lunny Xiao dd30d9d5c0
Remove GetByBean method because sometimes it's danger when query condition parameter is zero and also introduce new generic methods (#28220)
The function `GetByBean` has an obvious defect that when the fields are
empty values, it will be ignored. Then users will get a wrong result
which is possibly used to make a security problem.

To avoid the possibility, this PR removed function `GetByBean` and all
references.
And some new generic functions have been introduced to be used.

The recommand usage like below.

```go
// if query an object according id
obj, err := db.GetByID[Object](ctx, id)
// query with other conditions
obj, err := db.Get[Object](ctx, builder.Eq{"a": a, "b":b})
```
2023-12-07 15:27:36 +08:00
Jason Song beb71f5ef6
Include public repos in doer's dashboard for issue search (#28304)
It will fix #28268 .

<img width="1313" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/cb1e07d5-7a12-4691-a054-8278ba255bfc">

<img width="1318" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/4fd60820-97f1-4c2c-a233-d3671a5039e9">

## ⚠️ BREAKING ⚠️

But need to give up some features:

<img width="1312" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/281c0d51-0e7d-473f-bbed-216e2f645610">

However, such abandonment may fix #28055 .

## Backgroud

When the user switches the dashboard context to an org, it means they
want to search issues in the repos that belong to the org. However, when
they switch to themselves, it means all repos they can access because
they may have created an issue in a public repo that they don't own.

<img width="286" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/182dcd5b-1c20-4725-93af-96e8dfae5b97">

It's a confusing design. Think about this: What does "In your
repositories" mean when the user switches to an org? Repos belong to the
user or the org?

Whatever, it has been broken by #26012 and its following PRs. After the
PR, it searches for issues in repos that the dashboard context user owns
or has been explicitly granted access to, so it causes #28268.

## How to fix it

It's not really difficult to fix it. Just extend the repo scope to
search issues when the dashboard context user is the doer. Since the
user may create issues or be mentioned in any public repo, we can just
set `AllPublic` to true, which is already supported by indexers. The DB
condition will also support it in this PR.

But the real difficulty is how to count the search results grouped by
repos. It's something like "search issues with this keyword and those
filters, and return the total number and the top results. **Then, group
all of them by repo and return the counts of each group.**"

<img width="314" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/5206eb20-f8f5-49b9-b45a-1be2fcf679f4">

Before #26012, it was being done in the DB, but it caused the results to
be incomplete (see the description of #26012).

And to keep this, #26012 implement it in an inefficient way, just count
the issues by repo one by one, so it cannot work when `AllPublic` is
true because it's almost impossible to do this for all public repos.


1bfcdeef4c/modules/indexer/issues/indexer.go (L318-L338)

## Give up unnecessary features

We may can resovle `TODO: use "group by" of the indexer engines to
implement it`, I'm sure it can be done with Elasticsearch, but IIRC,
Bleve and Meilisearch don't support "group by".

And the real question is, does it worth it? Why should we need to know
the counts grouped by repos?

Let me show you my search dashboard on gitea.com.

<img width="1304" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/2bca2d46-6c71-4de1-94cb-0c9af27c62ff">

I never think the long repo list helps anything.

And if we agree to abandon it, things will be much easier. That is this
PR.

## TODO

I know it's important to filter by repos when searching issues. However,
it shouldn't be the way we have it now. It could be implemented like
this.

<img width="1316" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/99ee5f21-cbb5-4dfe-914d-cb796cb79fbe">

The indexers support it well now, but it requires some frontend work,
which I'm not good at. So, I think someone could help do that in another
PR and merge this one to fix the bug first.

Or please block this PR and help to complete it.

Finally, "Switch dashboard context" is also a design that needs
improvement. In my opinion, it can be accomplished by adding filtering
conditions instead of "switching".
2023-12-07 13:26:18 +08:00