Commit graph

832 commits

Author SHA1 Message Date
Gergely Nagy f90b802634
[GITEA] Add support for shields.io-based badges
Adds a new `/{username}/{repo}/badges` family of routes, which redirect
to various shields.io badges. The goal is to not reimplement badge
generation, and delegate it to shields.io (or a similar service), which
are already used by many. This way, we get all the goodies that come
with it: different styles, colors, logos, you name it.

So these routes are just thin wrappers around shields.io that make it
easier to display the information we want. The URL is configurable via
`app.ini`, and is templatable, allowing to use alternative badge
generator services with slightly different URL patterns.

Additionally, for compatibility with GitHub, there's an
`/{username}/{repo}/actions/workflows/{workflow_file}/badge.svg` route
that works much the same way as on GitHub. Change the hostname in the
URL, and done.

Fixes gitea#5633, gitea#23688, and also fixes #126.

Work sponsored by Codeberg e.V.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit fcd0f61212d8febd4bdfc27e61a4e13cbdd16d49)
(cherry picked from commit 20d14f784490a880c51ca0f0a6a5988a01887635)
(cherry picked from commit 4359741431bb39de4cf24de8b0cfb513f5233f55)
(cherry picked from commit 35cff45eb86177e750cd22e82a201880a5efe045)
(cherry picked from commit 2fc0d0b8a302d24177a00ab48b42ce083b52e506)
2024-02-05 16:09:42 +01:00
Gergely Nagy 1d8bca07f3
[GITEA] Configurable clone methods
Adds `[repository].DOWNLOAD_OR_CLONE_METHODS` (defaulting to
"download-zip,download-targz,download-bundle,vscode-clone"), which lets
an instance administrator override the additional clone methods
displayed on the repository home view.

This is purely display-only, the clone methods not listed here are still
available, unless disabled elsewhere. They're just not displayed.

Fixes #710.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 2aadcf4946e48ee43800568fe705d00a062c42bf)
(cherry picked from commit 42ac34fbf9105eed27ee687b305a85515270f0cc)
(cherry picked from commit bd231b02450212aca6be775663c3d24ddf19f990)
(cherry picked from commit 3d3366dbbee37621fc665e557a4a87bf08104375)
(cherry picked from commit 0157fb9b88fd50832c07b06c11c8dba6e059a465)
(cherry picked from commit bee88f6a8309c6f9aeba1522383d77f08e5a4d2d)
2024-02-05 16:09:42 +01:00
Otto Richter 274aee0bb0
[GITEA] correct default license selection
The default license choice was not working as expected,
because both the files in options/license were named differently, and
the setting string is not parsed properly.

The documentation will also be corrected.

See conversation on Matrix:
https://matrix.to/#/%23forgejo-chat%3Amatrix.org/%24ue13GJPr2d7D8fEaLx8yh1mFn3a4TVy_khkajrAYtx0?via=matrix.tu-berlin.de&via=turbo.ooo&via=matrix.org&via=catgirl.cloud

(cherry picked from commit 450a34d08d6d00063e97c4e176cdfe0695367985)
(cherry picked from commit 2770af7044cc8e5e564318a0d733b43ec16bdde5)
(cherry picked from commit 0fadf41985917d629b18c0a822b6317fa618c841)
(cherry picked from commit 9c3aa1dbbd13f2670d76ea00c00fec3b9cbb0339)
(cherry picked from commit f8ecff84222163ba513e81244c37d78c47499922)
(cherry picked from commit 1e289375462e4ba24be5432d035fe5d149789c73)
(cherry picked from commit e566ffbb8de285c40c322744d48c32c17de93852)
(cherry picked from commit cf89ca48b66ba077e7fbcfb7c8a353574db63fac)
(cherry picked from commit e2897d15b45012fbdd77ce6c37527c50d7b12d40)
(cherry picked from commit 8b49f1195de14bf21ed3dd2d0e15369d183971f4)
2024-02-05 16:09:41 +01:00
Aravinth Manivannan 2d06901a18
[GITEA] notifies admins on new user registration
Sends email with information on the new user (time of creation and time of last sign-in) and a link to manage the new user from the admin panel

closes: https://codeberg.org/forgejo/forgejo/issues/480

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1371
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit c721aa828ba6aec5ef95459cfc632a0a1f7463e9)
(cherry picked from commit 6487efcb9da61be1f802f1cd8007330153322770)

Conflicts:
	modules/notification/base/notifier.go
	modules/notification/base/null.go
	modules/notification/notification.go
	https://codeberg.org/forgejo/forgejo/pulls/1422
(cherry picked from commit 7ea66ee1c5dd21d9e6a43f961e8adc71ec79b806)

Conflicts:
	services/notify/notifier.go
	services/notify/notify.go
	services/notify/null.go
	https://codeberg.org/forgejo/forgejo/pulls/1469
(cherry picked from commit 7d2d9970115c94954dacb45684f9e3c16117ebfe)
(cherry picked from commit 435a54f14039408b315c99063bdce28c7ef6fe2f)
(cherry picked from commit 8ec7b3e4484383445fa2622a28bb4f5c990dd4f2)

[GITEA] notifies admins on new user registration (squash) performance bottleneck

Refs: https://codeberg.org/forgejo/forgejo/issues/1479
(cherry picked from commit 97ac9147ff3643cca0a059688c6b3c53479e28a7)
(cherry picked from commit 19f295c16bd392aa438477fa3c42038d63d1a06a)
(cherry picked from commit 3367dcb2cf5328e2afc89f7d5a008b64ede1c987)

[GITEA] notifies admins on new user registration (squash) cosmetic changes

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 9f1670e040b469ed4346aa2689a75088e4e71c8b)
(cherry picked from commit de5bb2a224ab2ae9be891de1ee88a7454a07f7e9)
(cherry picked from commit 8f8e52f31a4da080465521747a2c5c0c51ed65e3)
(cherry picked from commit e0d51303129fe8763d87ed5f859eeae8f0cc6188)
(cherry picked from commit f1288d6d9bfc9150596cb2f7ddb7300cf7ab6952)
(cherry picked from commit 1db4736fd7cd75027f3cdf805e0f86c3a5f69c9d)
(cherry picked from commit e8dcbb6cd68064209cdbe054d5886710cbe2925d)
(cherry picked from commit 09625d647629b85397270e14dfe22258df2bcc43)

[GITEA] notifies admins on new user registration (squash) ctx.Locale

(cherry picked from commit dab7212fad44a252a1acf8da71b254b1a6715121)
(cherry picked from commit 9b7bbae8c4cd5dc4d36726f10870462c8985e543)
(cherry picked from commit f750b71d3db9a24dc2722effb8bbc2dded657cbb)
(cherry picked from commit f79af366796a8ab581bbfa1f5609dc721798ae68)
(cherry picked from commit e76eee334e446a45d841caf19a7c18eab89ca457)

[GITEA] notifies admins on new user registration (squash) fix locale

(cherry picked from commit 54cd100d8da37ccb0a545e2545995066f92180f0)
(cherry picked from commit 053dbd3d50d3c7d1afae8d31c25bda92ceb8f8c0)

[GITEA] notifies admins on new user registration (squash) fix URL

1. Use absolute URL in the admin panel link sent on new registrations
2. Include absolute URL of the newly signed-up user's profile.

New email looks like this:

<details><summary>Please click to expand</summary>

```
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

User Information: @realaravinth ( http://localhost:3000/realaravinth )
----------------------------------------------------------------------

* Created: 2023-12-13 19:36:50 +05:30

Please click here ( http://localhost:3000/admin/users/9 ) to manage the use=
r from the admin panel.
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
	<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
	<title>New user realaravinth just signed up</title>

	<style>
		blockquote { padding-left: 1em; margin: 1em 0; border-left: 1px solid gre=
y; color: #777}
		.footer { font-size:small; color:#666;}
	</style>

</head>

<body>
	<ul>
		<h3>User Information: <a href=3D"http://localhost:3000/realaravinth">@rea=
laravinth</a></h3>
		<li>Created: <relative-time format=3D"datetime" weekday=3D"" year=3D"nume=
ric" month=3D"short" day=3D"numeric" hour=3D"numeric" minute=3D"numeric" se=
cond=3D"numeric" datetime=3D"2023-12-13T19:36:50+05:30">2023-12-13 19:36:50=
 +05:30</relative-time></li>
	</ul>
	<p> Please <a href=3D"http://localhost:3000/admin/users/9" rel=3D"nofollow=
">click here</a> to manage the user from the admin panel. </p>
</body>
</html>

--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770--
```

</details>

fixes: https://codeberg.org/forgejo/forgejo/issues/1927
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1940
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit b8d764e36a0cd8e60627805f87b84bb04152e9c1)
(cherry picked from commit d48b84f623e369222e5e15965f22e27d74ff4243)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 02d3c125ccc97638849af33c7df315cbcb368127)
(cherry picked from commit 367374ecc3832bb47d29ff79370103f907d0ca99)

Conflicts:
	models/user/user_test.go
	https://codeberg.org/forgejo/forgejo/pulls/2119
(cherry picked from commit 4124fa5aa41c36b3ab3cc1c65d0e3d5e05ec4086)
(cherry picked from commit 7f12610ff63d4907631d8cddcd7a49ae6f6e1508)

[GITEA] notifies admins on new user registration (squash) DeleteByID

trivial conflict because of
   778ad795fd Refactor deletion (#28610)

(cherry picked from commit 05682614e5ef2462cbb6a1635ca01e296fe03d23)
(cherry picked from commit 64bd374803a76c97619fe1e28bfc74f99ec91677)
(cherry picked from commit 63d086f666a880b48d034b129e535fcfc82acf7d)
(cherry picked from commit 3cd48ef4d53c55a81c97f1b666b8d4ba16a967c4)

Conflicts:
	options/locale/locale_en-US.ini
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 6578ec4ed64c8624bc202cefb18d67870eec1336)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/pulls/2300
2024-02-05 16:09:28 +01:00
Gusted 664192767c
[GITEA] Add slow SQL query warning
- Databases are one of the most important parts of Forgejo, every
interaction with Forgejo uses the database in one way or another.
Therefore, it is important to maintain the database and recognize when
Forgejo is not doing well with the database. Forgejo already has the
option to log *every* SQL query along with its execution time, but
monitoring becomes impractical for larger instances and takes up
unnecessary storage in the logs.
- Add a QoL enhancement that allows instance administrators to specify a
threshold value beyond which query execution time is logged as a warning
in the xorm logger. The default value is a conservative five seconds to
avoid this becoming a source of spam in the logs.
- The use case for this patch is that with an instance the size of Codeberg, monitoring SQL logs is not very fruitful and most of them are uninteresting. Recently, in the context of persistent deadlock issues (https://codeberg.org/forgejo/forgejo/issues/220), I have noticed that certain queries hold locks on tables like comment and issue for several seconds. This patch helps to identify which queries these are and when they happen.
- Added unit test.

(cherry picked from commit 24bbe7886fb4cb9a38c8dab8c44f4c9cbfa25481)
(cherry picked from commit 6e29145b3c1455498531593d38e6a914941a12cb)
(cherry picked from commit 63731e30712872bd2395eb3cf36d9996e5793645)
(cherry picked from commit 3ce1a097369c132654de70df707b867e47bd1c40)
(cherry picked from commit a64426907de788cc0937a7a2b16af4d2f26f7fe6)
(cherry picked from commit 4b1921569156445c58d9889602733da5934c7b95)
(cherry picked from commit e6356744359fa947c049827d60c2ea0e277e03dc)
(cherry picked from commit 9cf501f1af4cd870221cef6af489618785b71186)
(cherry picked from commit 0d6b934eba1c0e9b27b364791113aae816b6b366)
(cherry picked from commit 4b6c2738795002887844a106f2fed2ef1673eed1)
(cherry picked from commit 89b1315338b0c7a726a36a84e9844013a13560b8)
(cherry picked from commit edd8e66ce991c395bb0af7720631c3cd26caaa51)

[GITEA] Add slow SQL query warning (squash) document the setting

(cherry picked from commit ce38599c5141c7fc6bc054819f5ff1c1b45bda1f)
(cherry picked from commit 794aa67c68c8e24ac7301eb7ef767c6e2499a78d)
(cherry picked from commit a4c2c6b004c21488e90f637ca7920f49108ed75d)
(cherry picked from commit 97912752bc802db79bb26a6591aec885aea30ee4)
(cherry picked from commit 00b5327c9750215a290238516e7b6fb1e6601e14)
(cherry picked from commit 1069c860e78c11225b4d74ff3044df7786562821)
(cherry picked from commit 84241f42c83852918b57c8bd25364697037fe42f)
(cherry picked from commit e4bda0e8457d00c01b83f153ed5a4a8ea4cf85c8)
(cherry picked from commit 7357fb91bff87045b133c3a7ac9fc70eea781bc4)
(cherry picked from commit a8dd7f6da278ae112200b5efa5bf27e3961f5996)
(cherry picked from commit e636e9f4beca7273dd8622baedb2f0c01db30449)
(cherry picked from commit bf04ae86037f5cb5a81d02750aead2742b040367)
(cherry picked from commit 93b19e3568169bd1cf9b8b78c1751c3d2d65a1b6)
(cherry picked from commit 83f91363ad071675c73a1f636271cc043bf69707)
(cherry picked from commit e34a05bc7319072b70d387975342d617b8136655)
(cherry picked from commit 68569aeee9805aaa8e98c6e7fe8058095e290061)
2024-02-05 16:05:50 +01:00
Panagiotis "Ivory" Vasilopoulos ee26f86bfc
[GITEA] add option for banning dots in usernames
Refs: https://codeberg.org/forgejo/forgejo/pulls/676

Author:    Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
Date:      Mon Jun 12 13:57:01 2023 +0200

Co-authored-by: Gusted <postmaster@gusted.xyz>
(cherry picked from commit fabdda5c6e84017bf75ab5f9ab6cc0e583b70d09)
(cherry picked from commit d2c7f45621028d37944659db096bc92c031dd8e7)
(cherry picked from commit dfdbaba3d6b7abf1c542b0ea41b7812b729cc217)
(cherry picked from commit a3cda092b8897e4d669cfcf2cb8b16236e3c9b32)
(cherry picked from commit f0fdb5905c3b22bec043530da15d2c52f6bc41c9)
(cherry picked from commit 9697e48c1f8b23d3dd1da246b525b63c3756353d)
(cherry picked from commit 46e31009a86db18a9b5bd8e2f535b198df90c437)
(cherry picked from commit 5bb2c54b6f55499937396339bcacd3b4d8fb6b5e)
(cherry picked from commit 682f9d24e13b83d89bd6b86324960f1b4fc72eeb)
(cherry picked from commit 18634810057ef88fd01b54cec33bd4bd04c53221)
(cherry picked from commit 4f1b7c4ddbc4099aa9b6fda1e0145d37f638e567)
(cherry picked from commit 6afe70bbf1290e604fc476ee27901d1722ac1272)
(cherry picked from commit 5cec1d9c2d2a731fa44f761e6c90f0d20ab3ccc4)

Conflicts:
	templates/admin/config.tmpl
	https://codeberg.org/forgejo/forgejo/pulls/1512
(cherry picked from commit de2d172473217e3437238fd9c691edc8d8524e1a)
(cherry picked from commit 37a3172dd9e2646157ec49ca46f94b9b0012b061)
(cherry picked from commit 92dfca0c5a8a8d4fd8a93b5468ba593283fc9452)
(cherry picked from commit a713d59b0cbeaf2fe023be1daa42165cd0df3b1d)
(cherry picked from commit e7bd71a6188ed4abbabf8b64b439e588c1c1f5f7)
(cherry picked from commit 69f3e952c495ecf8af5e7fc8cca6f3ba31fd3da2)
(cherry picked from commit 83fbb7b566f68f84f56d371bcfbba89bba602e2f)
(cherry picked from commit 3196605fa99679d28c51c7faccb8402155d31c49)
(cherry picked from commit e37eb8de9c8e9975fd2f33e0ea92d45da4c3835c)
(cherry picked from commit 8c99f59e48098b0058c5692f17aa66352ad3ad01)
(cherry picked from commit 74aa1ac66f659478b9e6994967a6207d7843b9ae)
(cherry picked from commit 622440b3bd32ce4db6305187c854e1f9a8820305)
(cherry picked from commit 2c1ec90984a82f34b14c0f7db25f1941ec129261)
(cherry picked from commit 24d57152e0ab7ab25d5e526785984a7e412ac4eb)
(cherry picked from commit 071e9013f3a072978fc2d3452c4b34e94edd34b4)
(cherry picked from commit 27fbb726fa395c83a76238fd2989c697eedebb3b)
(cherry picked from commit 29eddd86ead3dc0cfcbf9eb7fc3998bb31162b2d)
(cherry picked from commit 133dc72fabb9d53fe34841186a31b763c8ae655a)
2024-02-05 16:05:50 +01:00
Earl Warren 20f022de72
[GITEA] add GetFile to config provider
(cherry picked from commit 88d1b53eeaa0d5ad0ed54c191236db928aadedf0)
(cherry picked from commit f63f71afad2aa8272772dba919485c5e858d2fae)
(cherry picked from commit 1f774145fc731e2d93cf8a6708dbf4c15722fa5e)
(cherry picked from commit 53e637693bcbb9fe9daca9a296c9d2c700fc915b)
(cherry picked from commit 4974cbf10a8b51d51591fa6f6281f4cd7a415c91)
(cherry picked from commit 554bca7fae7fa6f0235ab631598115875711d80e)
(cherry picked from commit 61b8cf83b988a2d8547b81cfb7aaeefaf2e17fba)
(cherry picked from commit d8bcc6f68c6dc972e8c99eb7b46a4f096f85cd61)
(cherry picked from commit ee04c340724cccada2c71db45ec510d19e92e099)
(cherry picked from commit 713153a6d63205984f2a85ee07f08269df3b0a85)
(cherry picked from commit 4e18c4f8bb35b02494d75311986fadb87328d477)
(cherry picked from commit 32be9db12df3dea9c12bf803a5226b6ae8cd7b32)
(cherry picked from commit fd50e9b9b4d7cd804e57418056126ed2df9bec6a)
(cherry picked from commit 11717b864bf4d820305511cf22ec50f61604a770)
(cherry picked from commit b70f3e0fa5db9cd90c961138c1ab748aa5c6a4d8)
(cherry picked from commit 2d802b2963d18b28a85a82e01f7a7f18ab8c3192)
(cherry picked from commit f61e2f71e2d629cc4e480f9e61c9b383675da0ef)
(cherry picked from commit 31723651c96d3f20811540aad94878815795da15)
(cherry picked from commit 38f6f703a0dfb04a9d436c8c806f1be513c7ea3a)
(cherry picked from commit 75f6716905755cbe3d7e49d965ab81a47f625bb7)
(cherry picked from commit fed2b2daf5d44348a0096572e91708ac3db5e9c8)
(cherry picked from commit a9bafa50213a3a385ba3901b2730fb84149855cc)
(cherry picked from commit 8ce897b3fe918c5702d5c86d97f1703a1f266697)
(cherry picked from commit c806addcd07c6afb20d9aca833cfa9a33ac680a7)
(cherry picked from commit e70d51bd26b49de93b2fe012a4f03efbe6c97607)
2024-02-05 14:44:33 +01:00
Earl Warren 726f3b1d84
[TESTS] verify facts for the admin storage documentation
(cherry picked from commit 57e597bf7e1e3bb3b7bcbcea66a4ea170a231f85)
(cherry picked from commit 643a2b0e81570e935779f6c509ebe4633fad74b9)
(cherry picked from commit f10faffb4febeef114d5be4e6abe57bd3cd72894)
(cherry picked from commit b440c5767eebdf406200e9a47446827778514425)

[TESTS] verify facts for the admin storage documentation (squash)

(cherry picked from commit d83d8ce57b8b39b4da849f5403198ecf706117ba)
(cherry picked from commit d8855ef27cd1b219184e95ce055bc6d84350ee26)
(cherry picked from commit 11230466ec0c1c4db1296cdd2ead74fc91a34491)
(cherry picked from commit b2cdd9d971b694fe32bab11f9ccdb41a38d7c6fe)
(cherry picked from commit a0a5e785241ac2c3a7493aa62637351021d48a39)
(cherry picked from commit 846413110fb936c386ba7fa80ff67e4394231464)
(cherry picked from commit 72b92d5a7854f5afbd949e0c6e53f3a4f5b72055)
(cherry picked from commit 7e039a9427d7a181ded17d653f49aa26679479e4)
(cherry picked from commit 227d42a1b69a1e542576ddc094d038de210183bb)
(cherry picked from commit 6488950a9b00b746c936fec41e6a9c59c4c02740)
(cherry picked from commit 0285c997749457cb6f67c5f3ca68e62721b53023)
(cherry picked from commit 0527bb20db0b22a1640f7d058399bc42ab8f9b98)
(cherry picked from commit b4d3fd43e314197f059830fe36d532888ef14c62)
(cherry picked from commit b45db6430024313f9530c1443d54630213f3b34b)
(cherry picked from commit 722ab376118847dca33ed5a47b6a41edda132b63)
(cherry picked from commit ff45632b42b1e5e741858a8f3bdb89a6d79cbe3e)
(cherry picked from commit 5144ae2aa7e1d903ecf6047902d9608cb6ae5500)
(cherry picked from commit f51438cd6888b9964c60369fecf64b727fe95ce1)
(cherry picked from commit 5ec304e5a178fb8c067b957233f54d8014df432f)
(cherry picked from commit 440b8c1af1d18f364f290fa385274d821b04c131)
(cherry picked from commit e5bbc626c1228a810bc8d6830cc5a3ee00d1baab)
(cherry picked from commit a996fe0fe4593d2f0432cbd8500f91cbbb011bb2)
2024-02-05 14:44:33 +01:00
Earl Warren 081a155cc1
[SEMVER] store SemVer in ForgejoSemVer after a database upgrade
(cherry picked from commit b7fe7cf401f4bddd6455efc651f7ac054f3fe1cf)
(cherry picked from commit cf339eed4f4851b18448dbdd83df32d00bc6f45b)
(cherry picked from commit 4f3a16168bbeced519a60c32e10e2895d9367238)
(cherry picked from commit 6f5bbc53fcebd614f5ee8627c7d6e3c637ffa694)
(cherry picked from commit aca42b422e76668387769c15868ef77b073bb7db)
(cherry picked from commit 5a7f7580e525694d1f27e12329c8532bd29273f8)
(cherry picked from commit 06c383c807ad49e1e35b429a10c6a11c65aeebe5)
(cherry picked from commit fe831dcb53b81b6cc632be751bfcbfb9bc00efd3)
(cherry picked from commit cd12cd0dbce47c6117ea579ae5019c182155b3a9)
(cherry picked from commit cc79163703ce31706c86b88c38fb8a20ed745e20)
(cherry picked from commit 0102a5715ea6a03b560cc2f0b6cbe2b2576c255e)
(cherry picked from commit 403f7520b3056eace36eae505afbab6a05f597b7)
(cherry picked from commit a3b61510a246f61c174ddc3c288e556522a6aab9)
(cherry picked from commit f83f0f9feb76a8b62ca4d74dc2785c713fbec282)
(cherry picked from commit fd1c3a6d09a057070844cd955d0920518e60f408)
(cherry picked from commit f7cdc3d6f1ad1ff01bb1814207fcb41210db80e8)
(cherry picked from commit 060121b644e0515a6b673cdd514d52e6fa1e6ec3)
(cherry picked from commit 62c847ff0235196e73e860d0d1658f0734985270)
(cherry picked from commit 4d051b51c2813828b978ef84b6b72c0ba051741b)
(cherry picked from commit 86e6981a936b1937065605892083b2488424bf5e)
(cherry picked from commit c1fc9e441b1467033911f3848f82a89aaacf98a9)
(cherry picked from commit 8bb2f0871a507d881acf74acf8fb90fd5ebff567)
(cherry picked from commit 0cd9fe52511ee06f1b8849325d196f60d8ccd151)
(cherry picked from commit b0b44778b4d3e51852d0669dfe6d9a6c334b90e4)
(cherry picked from commit 7c2f4f749f1c8986875eebf95254a3db151e5248)
2024-02-05 14:44:33 +01:00
Panagiotis "Ivory" Vasilopoulos 4df238bda0
[FEAT] Use OpenStreetMap in USER_LOCATION_MAP_URL by default
Follow-up to d58c542579 for Forgejo.

By default, Gitea does not select any map service that can be used
to introduce a 'Show this place on a map' button in the location
field of a user profile. Before I tried upstreaming this change to
Gitea, this was the case in Forgejo. This patch essentially recovers
this functionality, which is nice for public-facing instances and
communities.

Links to original PRs:
- https://codeberg.org/forgejo/forgejo/pulls/1076
- https://github.com/go-gitea/gitea/pull/26214

(cherry picked from commit bb187d5f617f8efceb41810d6ff9adcaa60450bb)
(cherry picked from commit ce02ef9078a8731921caa4f7b0c1b0ac3b59a784)
(cherry picked from commit 6b75c40e2575e23810880ee8e368dc1781e2b4e4)
(cherry picked from commit 6bc8e9f5737f5721ddcd1ef5926a778a7f66a4a3)
(cherry picked from commit 063f8afdf7c2cca014c60dcc3d78d270fd236f8f)
(cherry picked from commit c5cc736b72e1ba980519e9258686f41e4eb78b42)
(cherry picked from commit 7b1bb4bedc6196fb6e8516d9a34092b16d7fab05)
(cherry picked from commit 2a022dceb4b391e2fc25b077193ae22a71380eee)
(cherry picked from commit a946c142d2448cb92daaea11851cf7f00921f062)
(cherry picked from commit 8a4ea0c7ab8960f41a67442fa2f485fe0a901a96)
(cherry picked from commit 37bfb05b34e61194afe407acac5778258315b756)
(cherry picked from commit 12fbbb1754a1a836f6923431e47a5de95aec6b2e)
(cherry picked from commit abe9de2cd91d7c5f176ceddff20ce194439703c4)
(cherry picked from commit 84db57871785d84c2a32edc22f769821b3bec961)
(cherry picked from commit 1beab7af463727ede3b2cc577696f8223fca78d1)
(cherry picked from commit 8779d505f2ab738e24503f74dd7bb6dfc8187996)
(cherry picked from commit 21a788f2eb549a494d52ab23a47533d9a7534ee6)
(cherry picked from commit a7cc6d168772e13bcf0808da14ff1ddf9baa64b2)
(cherry picked from commit 25f840379f19e0b90e69078e6c09a3c36fdf13ac)
(cherry picked from commit 0db65f11224f030877e5279b85af4b9e3e975ca7)
(cherry picked from commit 0e08cbc854cc1561101f1efe68de1d0860f7c905)
(cherry picked from commit 57de51db8d965a6c5a90477f58d2600fa3e7feda)
(cherry picked from commit 5ab3dcabb1461f4453f58718c6802baeffff06c9)
(cherry picked from commit 7b5ad0c13b44a705320965414bb4b366cb5a2a10)
(cherry picked from commit adf449a11595e0f16e6aceaeb0e7bfa277a6c333)
(cherry picked from commit 77aa18227e9f5d675ddae6b9f058f664b0d30795)
2024-02-05 14:44:33 +01:00
Earl Warren 4e5bf59579
[CI] DEFAULT_ACTIONS_URL = https://code.forgejo.org
[CI] Revert "Restrict `[actions].DEFAULT_ACTIONS_URL` to only `github` or `self` (#25581)"

This reverts commit 67bd9d4f1e.

(cherry picked from commit 0547e94023a545fafe82e280dd809e7efd6d86e2)
(cherry picked from commit d21ad654ad0abc243913532326e916899b0e387c)
(cherry picked from commit b905e9d8386c58206234a417769cc17b3be34b62)
(cherry picked from commit 251a5bf235b1723bc2bc324f9e8c03a8668bb5ae)
(cherry picked from commit b370e4769423bec92b0f265f3e3b2b683640024d)
(cherry picked from commit 2cc28d078507027749c14a5448e949ab54b79c66)
(cherry picked from commit ed870a39e98fbb69c435a3a3ef0434fe6163ebe7)
(cherry picked from commit 7bb0c4654ecbbd2feee2c74034c1e2cdca0d6828)
(cherry picked from commit bab1f552c385e3c7d0faa33d28fb8087780ea834)

Conflicts:
	custom/conf/app.example.ini
	modules/setting/actions.go
	https://codeberg.org/forgejo/forgejo/pulls/1413

[CI] DEFAULT_ACTIONS_URL = https://codeberg.org

(cherry picked from commit 52b364ddbd9ac82b9e6f9c1767db2d6b36165011)
(cherry picked from commit 99887cd5673f6da49664b590ad60c83fdbe25a4a)
(cherry picked from commit cd5788782aa5c2ee8baecd57ca1e7882f0854453)
(cherry picked from commit 71c698a704d307c568f247710550d48f27cca4ce)
(cherry picked from commit 71386241dd741a4fa0b67d59a07d84ac31e0b870)
(cherry picked from commit b7ab05aeac12c44acd117d5a4e8d7b4da2ba4aa7)
(cherry picked from commit e78b9ca59c0af867f94d9c9bfae48f8cc9381224)
(cherry picked from commit edb3adf4606af94ed0ab0bd844ef626a39a99297)
(cherry picked from commit 3e400881975340be9148c4549a744395a6dac665)

[BRANDING] DEFAULT_ACTIONS_URL = https://code.forgejo.org

(cherry picked from commit d0e4512c902dec669da36a055a2ea54adb107e0f)
(cherry picked from commit 8ba6e047095e9ecb107d77361664fa83b03ddaa2)
(cherry picked from commit 63490810449b4189ed8538a22182fde1bc89c057)
(cherry picked from commit e06bd444951d1fd94a71ce3d591a8f397f456363)
(cherry picked from commit d58219d8e13f0b4007108d78f8f6f96a1d842c2c)
(cherry picked from commit 052f2c2aa45ae1aa1d59aaf713db4f771f62773b)
(cherry picked from commit 29dc39538631f65eaaf5dcc4eeb747fbc68d7498)
(cherry picked from commit 9eef3f59f3a1347ccc7d6d3704c9f5b40a3b6555)
(cherry picked from commit d650391fedd5b2cac313e29d51cc8689d885a594)
(cherry picked from commit c2e6e8c55d955f1e2b781c983f05319dddcc4386)
(cherry picked from commit e28a47741dc668421989b6b2310365a6611b23b7)

[CI] DEFAULT_ACTIONS_URL support for self & github (squash)

Refs: https://codeberg.org/forgejo/forgejo/issues/1062
(cherry picked from commit 74cc25376ecd1dbab57abffe286ae1f918057cfd)
(cherry picked from commit 405430708ffbebcfd2cefdcdfd24a540985b817c)
(cherry picked from commit 0274a6dee7f383bcd6b65b995b991b5ab0ee635a)
(cherry picked from commit be5cda0fd03b265367c551aefed83456be257075)
(cherry picked from commit d27474849fc4dd4ec958c04b7be06eced8b74d6e)
(cherry picked from commit 4a5e9e2d81f89b5c9e6782d1c24880d62f802d7f)
(cherry picked from commit 65b31906b27c7a6ecaecf74af748e046c51aa7a8)
(cherry picked from commit 13cf0b0963bb110db7229dc5cd4d202e7dec11fb)

Conflicts:
	custom/conf/app.example.ini
	modules/setting/actions.go
	https://codeberg.org/forgejo/forgejo/pulls/1413
(cherry picked from commit 49529badce0a43a07a786b22e2a8705a6a1dbe63)

Conflicts:
	custom/conf/app.example.ini
	docs/content/administration/config-cheat-sheet.en-us.md
	modules/setting/actions.go
	https://codeberg.org/forgejo/forgejo/pulls/1460
(cherry picked from commit 00327b9b1f8512ddb93a07b57fcaee53b701478b)
(cherry picked from commit 3b322e43d5695d540a52259abdde74505241dda9)
(cherry picked from commit 492cc5205908263a2733ba06a6562237406d4c11)

Conflicts:
	modules/setting/actions.go
	https://codeberg.org/forgejo/forgejo/pulls/1573
(cherry picked from commit 9027b655df24bf47f49cc25d3547b6e49f66dde5)
(cherry picked from commit 47643830286025dbff1538e9a6ffc23b05ea3e4b)
(cherry picked from commit fbb00fd1cf9ecf30292aa3053f41076d7bb9027e)
(cherry picked from commit 417cd6c801bb14b38f672fea3371486c12636ebf)
(cherry picked from commit 6b70773ad817f6f3958e958a58c3d918e7d7f00e)
(cherry picked from commit 9ba069327d0c5179bdae7e22ca580f3c460e9ac1)

Conflicts:
	modules/setting/actions.go
	https://codeberg.org/forgejo/forgejo/pulls/1827
(cherry picked from commit 727edf19ee48648d1464f3bb38f85d82900870fa)
(cherry picked from commit 689326ce2093701e57371759eda23ed9b7781286)
(cherry picked from commit 745d60aec426e40a8ac98199e5f342113b39b871)
(cherry picked from commit cb4ae4582c24552167e692871e697cc02384c054)
(cherry picked from commit 48d5ffe1c0345f612e96acb2459c80431fa94993)

Conflicts:
	custom/conf/app.example.ini
	https://codeberg.org/forgejo/forgejo/pulls/2068
(cherry picked from commit bbd4725bfdd82aa801ec0541c7dbdef9b39dcb1d)
(cherry picked from commit 04eda91d10889febaee3f1b824defb2c0c9fb493)
(cherry picked from commit d3621e46349645ad5e194ba6a21d4f607c403c8c)
(cherry picked from commit 08da63cc4daacabf53ed18f4e521375b49bea8fe)
(cherry picked from commit dc6d291b7127e92ae05bb51c6ae018734fbc3fc7)
2024-02-05 13:33:58 +01:00
wackbyte d9b3849454
Fix inconsistent naming of OAuth 2.0 ENABLE setting (#28951)
Renames it to `ENABLED` to be consistent with other settings and
deprecates it.

I believe this change is necessary because other setting groups such as
`attachment`, `cors`, `mailer`, etc. have an `ENABLED` setting, but
`oauth2` is the only one with an `ENABLE` setting, which could cause
confusion for users.

This is no longer a breaking change because `ENABLE` has been set as
deprecated and as an alias to `ENABLED`.
2024-01-28 12:36:44 +00:00
sdvcrx 80d48621cd
Fix incorrect PostgreSQL connection string for Unix sockets (#28865)
Fix #28864
2024-01-20 16:04:47 +00:00
Viktor Kuzmin 49eb168677
Retarget depending pulls when the parent branch is deleted (#28686)
Sometimes you need to work on a feature which depends on another (unmerged) feature.
In this case, you may create a PR based on that feature instead of the main branch.
Currently, such PRs will be closed without the possibility to reopen in case the parent feature is merged and its branch is deleted.
Automatic target branch change make life a lot easier in such cases.
Github and Bitbucket behave in such way.

Example:
$PR_1$: main <- feature1
$PR_2$: feature1 <- feature2

Currently, merging $PR_1$ and deleting its branch leads to $PR_2$ being closed without the possibility to reopen.
This is both annoying and loses the review history when you open a new PR.

With this change, $PR_2$ will change its target branch to main ($PR_2$: main <- feature2) after $PR_1$ has been merged and its branch has been deleted.

This behavior is enabled by default but can be disabled.
For security reasons, this target branch change will not be executed when merging PRs targeting another repo. 

Fixes #27062
Fixes #18408

---------

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: delvh <dev.lh@web.de>
2024-01-17 01:44:56 +01:00
Yarden Shoham 5a7bacb005
Warn that DISABLE_QUERY_AUTH_TOKEN is false only if it's explicitly defined (#28783)
So we don't warn on default behavior

- Fixes https://github.com/go-gitea/gitea/issues/28758
- Follows https://github.com/go-gitea/gitea/pull/28390

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-01-14 21:20:18 +01:00
wxiaoguang 2df7563f31
Recommend/convert to use case-sensitive collation for MySQL/MSSQL (#28662)
Mainly for MySQL/MSSQL.

It is important for Gitea to use case-sensitive database charset
collation. If the database is using a case-insensitive collation, Gitea
will show startup error/warning messages, and show the errors/warnings
on the admin panel's Self-Check page.

Make `gitea doctor convert` work for MySQL to convert the collations of
database & tables & columns.

* Fix #28131

## ⚠️ BREAKING ⚠️

It is not quite breaking, but it's highly recommended to convert the
database&table&column to a consistent and case-sensitive collation.
2024-01-10 11:03:23 +00:00
wxiaoguang e75e9a0e7e
Fix panic when parsing empty pgsql host (#28708)
Regression of #27723
Fix #28705
2024-01-06 17:30:03 +08:00
Kyle D 54acf7b0d4
Normalize oauth email username (#28561) 2024-01-03 18:48:20 -06:00
Yarden Shoham cdc33b29a0
Add global setting how timestamps should be rendered (#28657)
- Resolves https://github.com/go-gitea/gitea/issues/22493
- Related to https://github.com/go-gitea/gitea/issues/4520

Some admins prefer all timestamps to display the full date instead of
relative time. They can do that now by setting

```ini
[ui]
PREFERRED_TIMESTAMP_TENSE = absolute
```

This setting is set to `mixed` by default, allowing dates to render as
"5 hours ago". Here are some screenshots of the UI with this setting set
to `absolute`:

![image](https://github.com/go-gitea/gitea/assets/20454870/f496457f-6afa-44be-a1e7-249ee5fe0706)

![image](https://github.com/go-gitea/gitea/assets/20454870/c03b14f5-063d-4e13-9780-76ab002d76a9)

![image](https://github.com/go-gitea/gitea/assets/20454870/f4b34e28-1546-4374-9199-c43348844edd)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: delvh <dev.lh@web.de>
2024-01-02 09:25:30 +08:00
wxiaoguang e5d8c4b8d4
Avoid cycle-redirecting user/login page (#28636)
Fix #28231, and remove some unused code. The `db.HasEngine` doesn't seem
useful because the db engine is always initialized before web route.
2023-12-30 08:48:34 +00:00
wxiaoguang b41925cee3
Refactor CORS handler (#28587)
The CORS code has been unmaintained for long time, and the behavior is
not correct.

This PR tries to improve it. The key point is written as comment in
code. And add more tests.

Fix #28515
Fix #27642
Fix #17098
2023-12-25 20:13:18 +08:00
Lunny Xiao 177cea7c70
Make offline mode as default to no connect external avatar service by default (#28548)
To keep user's privacy, make offline mode as true by default.

Users can still change it from installation ui and app.ini
2023-12-21 07:42:16 +00:00
Lunny Xiao e7cb8da2a8
Always enable caches (#28527)
Nowadays, cache will be used on almost everywhere of Gitea and it cannot
be disabled, otherwise some features will become unaviable.

Then I think we can just remove the option for cache enable. That means
cache cannot be disabled.
But of course, we can still use cache configuration to set how should
Gitea use the cache.
2023-12-19 09:29:05 +00:00
wxiaoguang 20929edc99
Add option to disable ambiguous unicode characters detection (#28454)
* Close #24483
* Close #28123
* Close #23682
* Close #23149

(maybe more)
2023-12-17 14:38:54 +00:00
Jack Hay 4e879fed90
Deprecate query string auth tokens (#28390)
## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example: 
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-12-12 03:48:53 +00:00
wxiaoguang 1e512b800c
Use filepath instead of path to create SQLite3 database file (#28374) 2023-12-06 16:57:52 +00:00
capvor c1b86ecdab
Fix incorrect default value of [attachment].MAX_SIZE (#28373) 2023-12-06 10:59:56 -05:00
Denys Konovalov 816e46ee7c
add skip ci functionality (#28075)
Adds the possibility to skip workflow execution if the commit message
contains a string like [skip ci] or similar.

The default strings are the same as on GitHub, users can also set custom
ones in app.ini

Reference:
https://docs.github.com/en/actions/managing-workflow-runs/skipping-workflow-runs

Close #28020
2023-11-18 13:37:08 +02:00
Nanguan Lin f63b116697
Change default size of attachments and repo files (#28100)
https://github.com/go-gitea/gitea/pull/27946 forgets to change them in
code. Sorry about that.
2023-11-17 11:42:00 +00:00
wxiaoguang 17d246cdcc
Fix incorrect pgsql conn builder behavior (#28085)
Fix #28083 and fix the tests
2023-11-17 02:30:57 +00:00
6543 16ba16dbe9
Allow to set explore page default sort (#27951)
as title


---
*Sponsored by Kithara Software GmbH*
2023-11-09 10:11:45 +00:00
Moritz Poldrack 9b6e77c489
refactor postgres connection string building (#27723)
This patchset changes the connection string builder to use net.URL and
the host/port parser to use the stdlib function for splitting host from
port. It also adds a footnote about a potentially required portnumber
for postgres UNIX sockets.

Fixes: #24552
2023-11-01 18:00:20 +00:00
Lunny Xiao d519a39302
Support storage base path as prefix (#27827)
This PR adds a prefix path for all minio storage and override base path
will override the path.
The previous behavior is undefined officially, so it will be marked as
breaking.
2023-11-01 19:17:18 +08:00
KN4CK3R c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
2023-10-14 00:56:41 +00:00
Jason Song 2c7b6c378e
Increase queue length (#27555) 2023-10-10 18:47:49 +08:00
wxiaoguang e2e0280108
Fix environment-to-ini inherited key bug (#27543)
Fix  #27541

The INI package has a quirk: by default, the keys are inherited.
When maintaining the keys, the newly added sub key should not be
affected by the parent key.
2023-10-10 01:10:37 +08:00
M Hickford a825cc0f34
Pre-register OAuth application for tea (#27509)
It remains to implement OAuth login in tea
https://gitea.com/gitea/tea/issues/598

Fixes #27510
2023-10-08 03:51:08 +00:00
silverwind 023e937141
Rename the default themes to gitea-light, gitea-dark, gitea-auto (#27419)
Part of https://github.com/go-gitea/gitea/issues/27097:

- `gitea` theme is renamed to `gitea-light`
- `arc-green` theme is renamed to `gitea-dark`
- `auto` theme is renamed to `gitea-auto`

I put both themes in separate CSS files, removing all colors from the
base CSS. Existing users will be migrated to the new theme names. The
dark theme recolor will follow in a separate PR.

## ⚠️ BREAKING ⚠️

1. If there are existing custom themes with the names `gitea-light` or
`gitea-dark`, rename them before this upgrade and update the `theme`
column in the `user` table for each affected user.
2. The theme in `<html>` has moved from `class="theme-name"` to
`data-theme="name"`, existing customizations that depend on should be
updated.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-10-06 09:46:36 +02:00
Eng Zer Jun 13d5d2e711
Remove redundant len check around loop (#27464)
This pull request is a minor code cleanup.

From the Go specification (https://go.dev/ref/spec#For_range):

> "1. For a nil slice, the number of iterations is 0."
> "3. If the map is nil, the number of iterations is 0."

`len` returns 0 if the slice or map is nil
(https://pkg.go.dev/builtin#len). Therefore, checking `len(v) > 0`
before a loop is unnecessary.

---

At the time of writing this pull request, there wasn't a lint rule that
catches these issues. The closest I could find is
https://staticcheck.dev/docs/checks/#S103

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2023-10-06 14:49:37 +08:00
wxiaoguang 9f8d59858a
Refactor system setting (#27000)
This PR reduces the complexity of the system setting system.

It only needs one line to introduce a new option, and the option can be
used anywhere out-of-box.

It is still high-performant (and more performant) because the config
values are cached in the config system.
2023-10-05 09:08:19 +08:00
Francesco Antognazza bc21723717
Make Actions tasks/jobs timeouts configurable by the user (#27400)
With this PR we added the possibility to configure the Actions timeouts
values for killing tasks/jobs.
Particularly this enhancement is closely related to the `act_runner`
configuration reported below:
```
# The timeout for a job to be finished.
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
timeout: 3h
```

---

Setting the corresponding key in the INI configuration file, it is
possible to let jobs run for more than 3 hours.

Signed-off-by: Francesco Antognazza <francesco.antognazza@gmail.com>
2023-10-02 23:09:26 +02:00
wxiaoguang c0ed26f987
Remove some dead code (#27196)
Some code is not in use any more, remove them.
2023-09-22 23:30:31 +08:00
Lunny Xiao e5ec57cd60
Actions are no longer experimental, so enable them by default (#27054)
This PR makes the actions enabled by default, so people will find it
easier to enable actions in repository setting.
2023-09-15 06:43:39 +00:00
wxiaoguang 998cea5888
Use secure cookie for HTTPS sites (#26999)
If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's
default value should be true.

And, if a user visits an "http" site with "https" AppURL, they won't be
able to login, and they should have been warned. The only problem is
that the "language" can't be set either in such case, while I think it
is not a serious problem, and it could be fixed easily if needed.

![image](https://github.com/go-gitea/gitea/assets/2114189/7bc9a859-dcc1-467d-bc7c-1dd6a10389e3)
2023-09-11 17:03:51 +08:00
wxiaoguang e7745c94f8
Fix INI parsing for value with trailing slash (#26995)
Fix #26977 (a temp fix)
2023-09-10 16:15:51 +00:00
Lunny Xiao e97e883ad5
Add reverseproxy auth for API back with default disabled (#26703)
This feature was removed by #22219 to avoid possible CSRF attack.

This PR takes reverseproxy auth for API back but with default disabled.

To prevent possbile CSRF attack, the responsibility will be the
reverseproxy but not Gitea itself.

For those want to enable this `ENABLE_REVERSE_PROXY_AUTHENTICATION_API`,
they should know what they are doing.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-09-07 08:31:46 +00:00
FuXiaoHei 460a2b0edf
Artifacts retention and auto clean up (#26131)
Currently, Artifact does not have an expiration and automatic cleanup
mechanism, and this feature needs to be added. It contains the following
key points:

- [x] add global artifact retention days option in config file. Default
value is 90 days.
- [x] add cron task to clean up expired artifacts. It should run once a
day.
- [x] support custom retention period from `retention-days: 5` in
`upload-artifact@v3`.
- [x] artifacts link in actions view should be non-clickable text when
expired.
2023-09-06 07:41:06 +00:00
Chongyi Zheng ad43486cd3
Fix some slice append usages (#26778)
Co-authored-by: delvh <dev.lh@web.de>
2023-08-29 15:47:26 +00:00
mainboarder c533991519
Expanded minimum RSA Keylength to 3072 (#26604)
German Federal Office for Information Security requests in its technical
guideline BSI TR-02102-1 RSA Keylength not shorter than 3000bits
starting 2024, in the year 2023 3000bits as a recommendation. Gitea
should request longer RSA Keys by default in favor of security and drop
old clients which do not support longer keys.


https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=9
- Page 19, Table 1.2

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-28 00:53:16 +00:00
techknowlogick b3f7137174
Update minimum password length requirements (#25946) 2023-08-21 19:27:50 +00:00