Commit graph

14561 commits

Author SHA1 Message Date
M Hickford e84558b093
Improve OAuth integration tests (#21390)
In particular, test explicit error responses.

No change to behaviour.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 12:22:43 +08:00
Andreas Fischer 9862936ed3
Make e-mail sanity check more precise (#20991)
For security reasons, all e-mail addresses starting with
non-alphanumeric characters were rejected. This is too broad and rejects
perfectly valid e-mail addresses. Only leading hyphens should be
rejected -- in all other cases e-mail address specification should
follow RFC 5322.

Co-authored-by: Andreas Fischer <_@ndreas.de>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-10-11 22:44:09 -04:00
Yarden Shoham b5a54f03a2
Fix broken link to frontend guidelines in hacking guidelines (#21382) 2022-10-11 21:23:21 -04:00
KN4CK3R 4dc3b2ec57
Use Name instead of DisplayName in LFS Lock (#21415)
Fixes #21268

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-10-11 21:03:15 -04:00
kolaente e026459a2d [skip ci] Updated translations via Crowdin 2022-10-12 00:21:02 +00:00
kolaente d8a80b0ed7
feat(pr review): add more space on mobile (#21326)
This PR adds more space to the review screen on mobile so that comments
are more readable and less "squashed" an smaller screens.

Before:

![Screen Shot 2022-10-03 at 17 12
26](https://user-images.githubusercontent.com/13721712/193612834-6add9e25-f635-4a5b-84f6-b8e2b320ec29.png)

After:

![Screen Shot 2022-10-03 at 17 10
15](https://user-images.githubusercontent.com/13721712/193612671-ab4ef640-0360-44ef-9184-b366b7abeb37.png)

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-10-11 16:42:31 -04:00
Gusted 5ba23066ff
Bump golang.org/x/text (#21412)
- Update the `golang.org/x/text` dependency, this fixes [a security
issue](https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ).
2022-10-11 20:01:07 +01:00
plsnp a99074b267
Update gitea.service (#21399)
`LimitMEMLOCK=infinity` is already the default, so removed that

Default soft limit for LimitNOFILE is 1024
Default hard limit for LimitNOFILE is 524288

`LimitNOFILE=65535` increases the soft limit, but decreases the hard
limit

References:
* https://www.freedesktop.org/software/systemd/man/systemd.exec.html
*
https://blog.skbali.com/2019/09/set-ulimits-for-a-script-started-using-systemd/

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-10-11 12:26:32 -04:00
zeripath 4a23212102
Do DB update after merge in hammer context (#21401)
When merge was changed to run in the background context, the db updates
were still running in request context. This means that the merge could
be successful but the db not be updated.

This PR changes both these to run in the hammer context, this is not
complete rollback protection but it's much better.

Fix #21332

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-11 12:26:22 -04:00
Anbraten 5aceedc7fd
add gitpod config (#20995)
Add a config for <https://www.gitpod.io/>. This allows users to easily
run an online IDE pre-configured to develop and test Gitea by opening
<https://gitpod.io/#https://github.com/go-gitea/gitea>.

[![Open in
Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/go-gitea/gitea)

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-10-11 12:15:14 -04:00
Yarden Shoham 9b7675d0cf
Remove cancel button in repo creation page (#21381) 2022-10-11 22:47:35 +08:00
Bill Wenrich ea3c6c6d7b
Improve clarity for camo proxy parameters (#21386)
Updates the Config Cheat Sheet for the `ALLWAYS` option in Camo proxy.

- Clarifies the behavior for true (both HTTP and HTTPS is proxied) vs
false (only HTTP is proxied)
- Minor grammar and typo improvements

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-11 21:12:44 +08:00
KN4CK3R 8752d89be7
Redirect to new repository owner (#21398)
Fixes #17655

If you rename `user1` to `user2` and visit `/user1` you get redirected
to `/user2`. But if you visit `/user1/repo` you just get a 404 error.
With this PR the user is redirected to `/user2/repo`.
2022-10-11 19:54:44 +08:00
Yarden Shoham 2d4c6321c3
Use ISO date format instead of hard-coded English date format for date range in repo activity page (#21396)
January 2, 2006 -> 2006-01-02

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2022-10-11 18:48:17 +08:00
Lunny Xiao 1428877c37
log real ip of requests from ssh (#21216)
Partially fix #21213.

This PR will get client IP address from SSH_CONNECTION env which should
be the first field of that. And deliver it to the internal API so Gitea
routers could record the real IP from SSH requests.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2022-10-11 16:57:37 +08:00
Gusted c540ee08d3
Add Num{Issues,Pulls} stats checks (#21404)
- Currently `repository.Num{Issues,Pulls}` weren't checked and could
become out-of-consistency. Adds these two checks to `CheckRepoStats`.
- Fix incorrect SQL query for `repository.NumClosedPulls`, the check
should be for `repo_num_pulls`.
- Reference: https://codeberg.org/Codeberg/Community/issues/696
2022-10-11 07:41:39 +01:00
Lauris BH b59b0cad0a
Add user/organization code search (#19977)
Fixes #19925 

Screenshots:

![attels](https://user-images.githubusercontent.com/165205/173864718-fe789429-55bc-4cad-808c-9f02f335cddf.png)
2022-10-11 00:12:03 +01:00
zeripath 3ccebf7f40
Stop logging CheckPath returns error: context canceled (#21064)
We should only log CheckPath errors if they are not simply due to
context cancellation - and we should add a little more context to the
error message.

Fix #20709

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-10 21:54:30 +01:00
silverwind 94037ada24
Hook go-licenses into tidy again (#21353)
Running it as part of the build is really unnecessary because we have a
valid output file in the repo and assuming go dependencies do not change
unless go.mod also changes, tidy really is the best target to run the
license generation after.

Also, regenerate the file as I missed to do so during the chroma update,
and mark all json files in assets as generated.
2022-10-10 20:45:02 +02:00
Yarden Shoham 083ac164dc
Fix missing left and right carets in TRANSLATORS (#21397) 2022-10-10 10:36:37 -04:00
wxiaoguang 23b6827151
Fix calls to i18n in templates (#21394)
Although the `.i18n` has been refactored to `.locale`, some PRs using
`.i18n` were still merged.

* #20219
* #21246

This PR fixes the calls to `.i18n`.

At the moment, `{{.nosuch.nosuch "..."}}` won't cause template error so
these mistakes don't cause 500 and haven't been found.
2022-10-10 15:05:32 +01:00
silverwind 7044d34ae5
Update JS dependencies and eslint config (#21388)
- Update all JS dependencies and playwright image
- Add new eslint rules, enable a few more, fix issues
- Regenerate SVGs
- Tested Vue and Swagger

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-10 20:02:20 +08:00
qwerty287 a813c9d8f3
Allow creation of OAuth2 applications for orgs (#18084)
Adds the settings pages to create OAuth2 apps also to the org settings
and allows to create apps for orgs.

Refactoring: the oauth2 related templates are shared for
instance-wide/org/user, and the backend code uses `OAuth2CommonHandlers`
to share code for instance-wide/org/user.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-09 20:07:41 +08:00
Yarden Shoham 97f3f1988b
Fix typos in PullRequestMergeForm.vue header comment (#21378)
Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2022-10-09 15:17:01 +08:00
wxiaoguang 768e16dad1
Use weighted algorithm for string matching when finding files in repo (#21370)
This PR is for:
* https://github.com/go-gitea/gitea/issues/20231

Now, when a user searches `word`, they always see `/{word}.txt` before
`/{w}e-g{o}t-{r}esult.{d}at`

Demo:

When searching "a", "a.ext" comes first. 

Then when searching "at", the longer matched "template" comes first.

<details>


![image](https://user-images.githubusercontent.com/2114189/194588738-3644d891-956f-40e4-b79b-b97d34265456.png)


![image](https://user-images.githubusercontent.com/2114189/194588797-9b124670-4e1e-4510-a170-780295ed89b8.png)

</details>

This PR also makes the frontend tests could import feature JS files by
introducing `jestSetup.js`

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: silverwind <me@silverwind.io>
2022-10-08 12:22:44 +01:00
Kyle D 7bb12d7efa
Bump playwright to 1.26.1 (#21357) 2022-10-08 16:54:34 +08:00
eleith bbbf9a4b93
npm package registry support for bin (#21372)
Fix #21303

npm package.json supports binary packaging:
https://docs.npmjs.com/cli/v8/configuring-npm/package-json#bin

the npm registry documents that the binary references will be attached
to the abbreviated version object:

https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-object

unfortunately their api documentation leaves this out:
https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-objectdoc

which is likely to be the reason this was left out in gitea's initial
implementation

this response is critical for npm to install the binary in the `.bin`
folder so as to be included on the users default bin path, resulting in
immediate access to any binaries provided by the package
2022-10-08 13:24:44 +08:00
Michael Horstmann 6c53cf852f
Removed one extra whitespace in footer after "Template" (#21364) 2022-10-08 11:53:42 +08:00
Akshay Mankar f0aed8205b
Fix formatted link for PR review notifications to matrix (#21319)
The PR review notifications HTML was written as markdown due to not
using `MatrixLinkFormatter`.
2022-10-07 22:06:34 +01:00
KN4CK3R 223556073c
Show private data in feeds (#21369)
Show private data in feeds for admins and matching users.
2022-10-07 22:06:04 +01:00
zeripath 7d2545d183
Add nicer error handling on template compile errors (#21350)
There are repeated issues reported whereby users are unable to interpret
the template errors. This PR adds some (somewhat complex) error handling
to the panic recovery for template renderering but hopefully makes the
interpretation of the error easier.

Reference #21344

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-07 22:02:24 +01:00
rj1 56aabf3e8d
Fix some typos and update db transaction demo in backend guideline (#21322)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-08 02:12:19 +08:00
wxiaoguang c08e42c47e
Refactor parseTreeEntries, speed up tree list (#21368)
Close #20315 (fix the panic when parsing invalid input), Speed up #20231 (use ls-tree without size field)

Introduce ListEntriesRecursiveFast (ls-tree without size) and ListEntriesRecursiveWithSize (ls-tree with size)
2022-10-08 01:20:53 +08:00
KN4CK3R 69fc510d6d
Add GET and DELETE endpoints for Docker blob uploads (#21367)
This PR adds support for
https://docs.docker.com/registry/spec/api/#get-blob-upload
https://docs.docker.com/registry/spec/api/#delete-blob-upload

Both are not required by the OCI spec but some clients call these
endpoints.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-07 23:30:59 +08:00
Andrew Imeson d94f15c2fd
Make external issue tracker regexp configurable via API (#21338)
Fixes #21336 

Signed-off-by: Andrew Imeson <andrew@andrewimeson.com>
2022-10-07 20:49:30 +08:00
delvh 81d7270cde
Add new CSS variables --color-accent and --color-small-accent (#21305)
At the moment, this is only used to replace the color of the `viewed`
checkbox and of the `has changed` label.
Previously, the used variable accentuated always either darker or
lighter, which meant that one theme looked good while the other didn't.

Co-authored-by: silverwind <me@silverwind.io>
2022-10-07 17:48:03 +08:00
KN4CK3R 30ca91666e
Set SemverCompatible to false for Conan packages (#21275)
Fixes #21250
Related #20414

Conan packages don't have to follow SemVer.
The migration fixes the setting for all existing Conan and Generic
(#20414) packages.
2022-10-07 12:22:05 +08:00
M Hickford 34f509eb7a
Parse OAuth Authorization header when request omits client secret (#21351)
This fixes error "unauthorized_client: invalid client secret" when
client includes secret in Authorization header rather than request body.
OAuth spec permits both.

Sanity validation that client id and client secret in request are
consistent with Authorization header.

Improve error descriptions. Error codes remain the same.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-10-07 10:53:49 +08:00
silverwind f09f73d784
Disable Firefox E2E tests (#21363)
Make CI green again, until we figure out
https://github.com/go-gitea/gitea/issues/21355.
2022-10-06 21:55:26 +01:00
Joe Constant d7f0d8d8ea
Add redirect of /upgrade/ to /upgrade-from-gitea/ on docs site (#21330)
Since adding an aliases block doesn't seem to work locally for me (I
suspect because a page actually exists and Hugo is granting preference
to existing pages over aliases), I also added entries to
static/_redirects file so Netlify will handle the redirects

Fixes #7208
2022-10-06 21:53:02 +01:00
Clark Boylan f1f911df41
Update to go-enry v2.8.3 (#21360)
This fixes an issue with enry's isVendor() method being too greedy. This
lead to gitea classifying unvendored code as vendored. The impact of
this is fairly minimal, but our Gitea users did notice which led me to
fixing this in go-enry. Some files will be tagged with a vendored flag
in the UI. I think it also impacts the calculation of language
statistics in the repo as vendored files are not incorporated into the
stats.

For more information on the issue see the go-enry bug:
  https://github.com/go-enry/go-enry/issues/135
2022-10-06 21:51:38 +01:00
zeripath 64073276c4
Update go to 1.19 (#21361)
It appears that updating go to 1.19 for playwright was missed when we
updated to go 1.19 elsewhere.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-06 21:51:18 +01:00
Paweł Bogusławski 2d3b52c244
SessionUser protection against nil pointer dereference (#21358)
`SessionUser` should be protected against passing `sess` = `nil` to
avoid

```
PANIC: runtime error: invalid memory address or nil pointer dereference
```

in


https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69

after upgrade from gitea v1.16 to v1.17.

Related: https://github.com/go-gitea/gitea/pull/18452
Author-Change-Id: IB#1126459
2022-10-06 21:50:38 +01:00
delvh b001812df4
Fix and improve incorrect error messages (#21342)
L
2022-10-06 07:00:54 +01:00
rock2dust 1294f6c511
Fix default theme-auto selector when nologin (#21346)
the bug is theme selector is `theme-` when not login to Gitea

![theme-auto](https://user-images.githubusercontent.com/76462613/194099390-0ff6854a-1eb9-4dba-bb28-fd238f2225f8.png)

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-06 11:52:43 +08:00
Gennady Kovshenin fd2d5f06b0
Add stat to ToCommit function for speed (#21337)
Calls to ToCommit are very slow due to fetching diffs, analyzing files.
This patch lets us supply `stat` as false to speed fetching a commit
when we don't need the diff.

/v1/repo/commits has a default `stat` set as true now. Set to false to
experience fetching thousands of commits per second instead of 2-5 per
second.
2022-10-06 11:21:04 +08:00
wxiaoguang 8765f139c7
Fix typo in API comment document (#21347)
Close #21307

After the fix:

![image](https://user-images.githubusercontent.com/2114189/194120843-52566b84-6e29-4f91-859a-eb5839c68c54.png)
2022-10-05 21:26:34 +01:00
rock2dust abd59cd5cd
Update comment about repository.DISABLED_REPO_UNITS in app.example.ini (#21343)
Add allowed values: `repo.projects`
2022-10-05 20:38:30 +01:00
rock2dust f693863a4f
Remove extra space from title element (#21345)
Removes a spurious additional space in the head template. 

![](https://user-images.githubusercontent.com/76462613/194077336-1e757242-6f92-4238-8856-746b2e9a1a2c.png)
2022-10-05 20:24:21 +01:00
zeripath 93df41f506
Fix slight bug in katex (#21171)
There is a small bug in #20571 whereby `$a a$b b$` will not be correctly
detected as a math inline block of `a a$b b`. This PR fixes this.

Also reenable test cases as per #21340 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-05 19:55:36 +01:00