p85947160
/
gitea
1
0
Fork 1
Code Issues Pull Requests 1 Projects Releases Wiki Activity

测试PR001 #2

Open
p85947160 wants to merge 1 commits from main into master
Conversation 0 Commits 1 Files Changed 1 +2
p85947160 commented 2022-04-01 11:04:13 +08:00
Owner

测试PR001

测试PR001
p85947160 added 1137 commits 2022-04-01 11:04:14 +08:00
920c0bde2d
Kd/add bountysource () 
* Add bountysource to Sponsors link

* Add badge to readme
60a3297a33
Use ServerError provided by Context () 
... instead of InternalServerError by macaron
84b147c7f0
Use IsProd instead of testing if it's equal. () 
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
a21adf92ec
restrict query selector to edit form () 
Co-authored-by: Lauris BH <lauris@nix.lv>
bfd0c47ef6
Kd/fix allow svg doctype () 
* make svg regex case-insensitive & use strict word boundary

* allow doctype svg

* add doctype tests

* allow <!DOCTYPE svg> and <svg/>
3091600cc8
KanBan: be able to set default board () 
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
dc66e4740f
Fix middlewares sequences () 
Co-authored-by: 6543 <6543@obermui.de>
acb1ceb1f4
Add review requested filter on pull request overview () 
* Add review requested filter on pull request overview 

fix formatting

* add review_requested filter to /repos/issues/search API endpoint

* only Approve and Reject status should supersede Request status

* add support for team reviews

* refactor: remove duplication of issue filtering conditions
21da519c0c
Implement ghost comment mitigation () 
* Implement ghost comment mitigation

Adds a config option USER_DELETE_WITH_COMMENTS_MAX_DAYS to the [service] section. See https://codeberg.org/Codeberg/Discussion/issues/24 for the underlying issue.

* cleanup

* use setting module correctly

* add to docs

Co-authored-by: Moritz Marquardt <git@momar.de>
f5abe2f563
Upgrade blevesearch dependency to v2.0.1 () 
* Upgrade blevesearch dependency to v2.0.1

* Update rupture to v1.0.0

* Fix test
f95dce2f10
exclude authored PRs from Review Requested filter () 
Co-authored-by: Lauris BH <lauris@nix.lv>
127907c5e6
Allow passcode invalid error to appear () 
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2686e6bbbe
Check if label template exist first () 
* add check

* refactor

* rollback repo on error after session closed
b59ed41e81
Use path not filepath in routers/editor () 
The incorrect use of filepath instead of path means that
it is possible to cause a stackoverflow on Windows

Signed-off-by: Andrew Thornton <art27@cantab.net>
b4dc080c96
It seems vet on windows is unnecessary () 
* It seems vet on windows is unnecessary

* add vet back to drone but remove GOOS and GOARCH when build vet
185c5ae2c4
Update back-up restore example for 1.13 changes () 
Signed-off-by: Daniël Vos <danielvos@outlook.com>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
0c0445c97a
Add pager to the branches page () 
* Add pager to the branches page

* override pageSize if bigger than max

* Make branches commit range configurable

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
e05670da84
Note that all template directories are relative to the `CustomPath` configuration, not a `custom` directory inside it () 
* Note that all template directories are relative to the `CustomPath` configuration, not a `custom` directory inside it.

This is a minor clarification, which makes locating where the templates need to be much easier

* Note that it's possible to read the `GITEA_CUSTOM` value from the admin

* Use "$GITEA_CUSTOM" as placeholder

It's more obvious it's a variable and not a typo
135b0e502d
Fix log http status is always zero () 
* Fix log http status is always zero

* Fix lint

Co-authored-by: 6543 <6543@obermui.de>
172229966c
Prevent panic on fuzzer provided string () 
* Prevent panic on fuzzer provided string

The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Placate lint

* placate lint again

Signed-off-by: Andrew Thornton <art27@cantab.net>

* minor cleanup

Signed-off-by: Andrew Thornton <art27@cantab.net>
ef85bf84ee
Project: show referenced PRs in issue cards () 
Co-authored-by: Lauris BH <lauris@nix.lv>
cb08248c33
Add support for ed25519_sk and ecdsa_sk SSH keys () 
* Add support for ed25519_sk and ecdsa_sk SSH keys

These start with sk-ssh-ed25519@openssh.com and sk-ecdsa-sha2-nistp256@openssh.com.
They are supported in recent versions of go x/crypto/ssh and OpenSSH 8.2
or higher.

* skip ssh-keygen

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
26da20aa93
load U2F js only on pages which need it () 
* load U2F js only on pages which need it

* Update templates/base/head.tmpl
1c230f69d9
update ssh passthrough () 
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
56a8929605
Comment - Reference in new issue () 
* Implemented "Reference in new issue"

* Fixed menu style on "pulls/x/files" because "button" has a style.

* Added context menu for PR file comments.

* Use only a single modal for every comment.

* Use current repository as default. Added search filter.

* Added suggested changes.

* Fixed assignment.

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
b5570d3e68
Display current stopwatch in navbar () 
* add notification about running stopwatch to header

* serialize seconds, duration in stopwatches api

* ajax update stopwatch

i should get my testenv working locally...

* new variant: hover dialog

* noscript compatibility

* js: live-update stopwatch time

* js live update robustness
81c833d92d
Add support to migrate from gogs () 
Add support to migrate gogs:

  *  issues
  *  comments
  *  labels
  *  milestones
  *  wiki


Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
af7054511e
Add TrN for repository limit () 
* Added TrN for repository limit

* Removed form.reach_limit_of_creation_0

* disable Create Button if user can not create

Co-authored-by: 6543 <6543@obermui.de>
20f980dcc2
ensure timeout error is shown on u2f timeout () 
Signed-off-by: Andrew Thornton <art27@cantab.net>
a0e424da85
Enhance Ghost comment mitigation Settings () 
* refactor models.DeleteComment and delete related reactions too

* use deleteComment for UserDeleteWithCommentsMaxDays in DeleteUser

* nits

* Use time.Duration as other time settings have

* docs

* Resolve Fixme & fix potential deadlock

* Disabled by Default

* Update Config Value Description

* switch args

* Update models/issue_comment.go

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
61f9a72f24
Bump gsap from 3.5.1 to 3.6.0 () 
Bumps [gsap](https://github.com/greensock/GSAP) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/greensock/GSAP/releases)
- [Commits](https://github.com/greensock/GSAP/compare/3.5.1...3.6.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
b672899372
Add german translation guidelines () 
* Add german translation guidelines

* Add German Language to Docs

* add Translation cateory & move guidelines into it

Co-authored-by: kolaente <k@knt.li>
Co-authored-by: 6543 <6543@obermui.de>
271a011ba1
Fix close/reopen with comment () 
it previously only worked for the simple textarea, and not for the rich textarea
6764e8f7b8
CI: Update license & gitignore by cron () 
do generate-license & generate-gitignore by cron

close 

Signed-off-by: a1012112796 <1012112796@qq.com>
9872b8d97a
Improve Description in new/ edit Project template () 
Fixes 

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
93a734b3b5
CI: skip build steps for cron update works () 
Signed-off-by: a1012112796 <1012112796@qq.com>
4f608ad31f
chore: bump minio to RELEASE.2021-01-16T02-19-44Z () 
-    image: minio/minio:RELEASE.2020-10-09T22-55-05Z
+    image: minio/minio:RELEASE.2021-01-16T02-19-44Z
bc05ddc0eb
Redirect on changed user and org name () 
* Add redirect for user

* Add redirect for orgs

* Add user redirect test

* Appease linter

* Add comment to DeleteUserRedirect function

* Fix locale changes

* Fix GetUserByParams

* Fix orgAssignment

* Remove debug logging

* Add redirect prompt

* Dont Export DeleteUserRedirect & only use it within a session

* Unexport newUserRedirect

* cleanup

* Fix & Dedub API code

* Format Template

* Add Migration & rm dublicat

* Refactor: unexport newRepoRedirect() & rm dedub del exec

* if this fails we'll need to re-rename the user directory

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
d2ea21d0d8
Use caddy's certmagic library for extensible/robust ACME handling () 
* use certmagic for more extensible/robust ACME cert handling

* accept TOS based on config option

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
6433ba0ec3
Move macaron to chi () 
Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR.

- [x] Define `context.ResponseWriter` interface with an implementation `context.Response`.
- [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before.
- [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic .
- [x] Use https://github.com/unrolled/render instead of macaron's internal render
- [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip
- [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK**
- [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha
- [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache
- [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding
- [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors
- [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation`
- [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle.
- [x] Removed macaron log service because it's not need any more. **BREAK**
- [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition.
- [x] Move Git HTTP protocol implementation to use routers directly.
- [x] Fix the problem that chi routes don't support trailing slash but macaron did.
- [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. 

Notices:
- Chi router don't support request with trailing slash
- Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI.

Co-authored-by: 6543 <6543@obermui.de>
a598877fdf
Cron job to cleanup hook_task table () 
Close **Prune hook_task Table ()**

Added a cron job to delete webhook deliveries in the hook_task table. It can be turned on/off and the schedule controlled globally via app.ini. The data can be deleted by either the age of the delivery which is the default or by deleting the all but the most recent deliveries _per webhook_.

Note: I had previously submitted pr   but I closed it when I realized that I had deleted per repository instead of per webhook. Also, I decided allowing the settings to be overridden via the ui was overkill. Also this version allows the deletion by age which is probably what most people would want.
d3aa4971c7
Fix bug because of duplicated join () 
* Fix bug because of duplicated join

* Move join into setupsession

* Fix bug

* Fix bug

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
b2c20b68a0
Print usefull error if SQLite is used in settings but not supported () 
* move log output to points where they are relefant

* check explicit of sqlite3 in settings
c10503afec
[Feature] add precise search type for Elastic Search () 
* feat: add type query parameters for specifying precise search

* feat: add select dropdown in search box

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
af7f71207c
Fix: url.Values map was not initialized () 
Values map was not initialized, leading to error 500 on submission of initial configuration

Co-authored-by: 6543 <6543@obermui.de>
669ff8e9b1
Fix switch language () 
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
41c0776568
Fix captcha () 
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
a51cc6dea4
Fix access log () 
Fix , .

The `AccessLog` middleware has to be after `Contexter` or `APIContexter` so that we can get `LoginUserName` if possible.
And also there is a **BREAK** change that it removed internal API access log.
154b23da0a
Fix display since time round () 
* Fix display since time round

* Fix since time

* Fix tests
d1353e1f7c
Vendor Update () 
* update code.gitea.io/sdk/gitea v0.13.1 -> v0.13.2

* update github.com/go-swagger/go-swagger v0.25.0 -> v0.26.0

* update github.com/google/uuid v1.1.2 -> v1.2.0

* update github.com/klauspost/compress v1.11.3 -> v1.11.7

* update github.com/lib/pq 083382b7e6fc -> v1.9.0

* update github.com/markbates/goth v1.65.0 -> v1.66.1

* update github.com/mattn/go-sqlite3 v1.14.4 -> v1.14.6

* update github.com/mgechev/revive 246eac737dc7 -> v1.0.3

* update github.com/minio/minio-go/v7 v7.0.6 -> v7.0.7

* update github.com/niklasfasching/go-org v1.3.2 -> v1.4.0

* update github.com/olivere/elastic/v7 v7.0.21 -> v7.0.22

* update github.com/pquerna/otp v1.2.0 -> v1.3.0

* update github.com/xanzy/go-gitlab v0.39.0 -> v0.42.0

* update github.com/yuin/goldmark v1.2.1 -> v1.3.1
99b7af6fc8
Add some Unit-Tests () 
* fix url

* modules/auth/pa: coverage: 40#.0%

* modules/base coverage: 67.6% -> 89.9%

* modules/cache coverage: 0% -> 12.0%

* modules/convert coverage: 27.1% -> 29.7%
3599d44399
Extend TestUserOrgs to cover permission cases () 
* TestMyOrgs: add unauthorized test

* Extend TestUserOrgs, to cover permission cases
2ebe609d65
Fix migration v141 () 
* Fix mig 141

* Add Migration to fix it

* update null values to false first

* Alter Table if posible

* use dropTableColumns instead of recreateTable

* MySQL use Alter

* Postgres use Alter

* Update models/migrations/v167.go

* Apply suggestions from code review

* use 2x add col & 2x update & 2x drop col

* let sqlite be the only issue

* use recreate since it just WORKS
f19da14c34
enhancement: add signoff option in commit form () 
Signed-off-by: a1012112796 <1012112796@qq.com>
e92552abb4
noop () 
Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
0e0424c8ec
Add Doctor FixWrongUserType () 
* Add Doctor FixWrongUserType

* use NoAutoTime
5e20fd6dbf
Move middlewares to web/middleware () 
Co-authored-by: 6543 <6543@obermui.de>
fcfbab99fc
Set the name Mapper in migrations () 
Migrations currently uses the default Xorm mapper which is
not the same as the mapper Gitea actually uses.

This means that there is a difference between the struct
parsing and mapping to database tables in migrations as
compared to normal Sync2.

This was the cause for the catastrophic problem in v168 -
untagged fields are not mapped in the same way in migrations
as compared to outside of migrations.

This is also likely the cause of some weird subtle failures
in other migrations as any untagged field may not be being
mapped exactly the same way.

This PR suggests that we ensure that the mapper is set at
the start of the migrations code - but also enforces a strict
clean mapper between each migration.

Signed-off-by: Andrew Thornton <art27@cantab.net>
6d27703f14
[API] List, Check, Add & delete endpoints for repository teams () 
* List, Check, Add & delete endpoints for repository teams

* return units on single team responce too

* Add Tests
1737a76e1f
Adding Chi's GetHead middleware () 
Before moving to Chi, HEAD requests were automatically answered by GET
handlers (SetAutoHead(true) from macaron was used).

This Change will restore the previous behaviour.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
bd28f1d642
[Docs] Clone filters () 
In summary: set uploadpack.allowfilter

Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
0d1444751f
[API] Add pagination to ListBranches () 
* make PaginateUserSlice generic -> PaginateSlice

* Add pagination to ListBranches

* add skip, limit to Repository.GetBranches()

* Move routers/api/v1/utils/utils PaginateSlice -> modules/util/paginate.go

* repo_module.GetBranches paginate

* fix & rename & more logging

* better description

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: a1012112796 <1012112796@qq.com>
87009ab40a
Reduce data races () 
* Add race conditions into test

* Fix Race in GetManager()

* DataAsync() use error chan

* just log no chan

* finish
3c965c3e30
[API] GetRelease by tag only return release () 
get release by tag should filter out tag releases to be consistent with list releases and get by id

Co-authored-by: 6543 <6543@obermui.de>
80b1d02b2f
Fix gpg key deletion () 
* Fix GPG key deletion when user is deleted

Per , deleting a user account will delete the user's GPG keys
from the `gpg_key` table but not from `gpg_key_import`, which causes
an error when creating an account with the same email and attempting
to re-add the same key. This commit deletes all entries from
`gpg_key_import` that match any GPG key IDs belonging to the user.

* Format added code in models/user.go

* Create a new function for listing GPG keys and apply it

Create a new function `listGPGKeys` and replace a previous use
of `ListGPGKeys`. Thanks to @6543 for the patch.

Co-authored-by: Anton Khimich <anton.khimicha@mail.utoronto.ca>
Co-authored-by: 6543 <6543@obermui.de>
3537d80088
Fix bug about ListOptions and stars/watchers pagnation () 
* Fix bug about ListOptions and stars/watchers pagnation

* fix unit test

Co-authored-by: 6543 <6543@obermui.de>
1ea4339332
Fix typo in generate-emoji.go () 
modifer -> modifier

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
4457d0e8d9
Honor REGISTER_MANUAL_CONFIRM when doing openid registration () 
REGISTER_MANUAL_CONFIRM is not honored when doing performing an openid registration. The new account is directly accessible.

With this patch, the manual confirm flag gets honored in the same way as a "normal" registration.
f72ce26326
Add Content-Length header to HEAD requests () 
* Add Content-Length header to HEAD requests

This change adds the header Content-Length to HEAD HTTP requests.

The previous behaviour was blocking some Windows executables (i.e
bitsadmin.exe) from downloading files hosted in Gitea.

This along with PR , makes the web server compliant with HTTP RFC 2616 which states
"The methods GET and HEAD MUST be supported by all general-purpose servers"
and
"The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response."

This should also respond to issues  and .

* This change adds the header Content-Length to HEAD HTTP requests

Pass the Size of the content as a parameter to ServeData() instead of
calculating it using ioutil.ReadAll(reader) --> this call is dangerous
and can result in a denial of service.

* Add Content-Length header to HEAD requests

Quick fix for imported dependency not used.

* Check if size is positiv int ...

Co-authored-by: zeripath <art27@cantab.net>
19fccdc45d
Fix locale init () 
just log if lang is already loaded since we can not reload it

Co-authored-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
cbe7f5296e
[API] Add affected files of commits to commit struct () 
* Add files affected by a commit to gitea API -- similar to github

* Add files affected by a commit to gitea API

* Fix stupid error

* Fix other stupid typo

* Generate swagger tmpl

* Comply with convert to git commit refacto

* update swagger docs

* extend test

* format code

* Update integrations/api_repo_git_commits_test.go

* Update modules/convert/git_commit.go

Co-authored-by: Laurent Cahour <laurent.cahour@dont-nod.com>
Co-authored-by: zeripath <art27@cantab.net>
5f248d0df2
[API] Add delete release by tag & fix unreleased inconsistency () 
* DeleteReleaseByTag delete release not git tags

* Add api to delete tag (without release)

* fix & extend tests

* fix swagger doc
e65cfabda7
Remove spurious DataAsync Error logging () 
Breaking the pipe is a valid way of killing a piped command and any error from
a broken cat-file batch command should be passed back up to the writer any way
therefore specifically logging it is unnecessary.

Signed-off-by: Andrew Thornton <art27@cantab.net>
3477e616ab
Exclude the current dump file from the dump () 
* Exclude the current dump file from the dump

Always prevent the current file from being added to the dump.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add skip custom directory option

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
98827e99f6
Add information on how to build statically () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
378acc9d96
Use OldRef instead of CommitSHA for DeleteBranch comments () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
758627cf8f
Fixed irritating error message related to go version () 
I do have go-1.13.8 installed and get the error message

```
Gitea requires Go 1.13 or greater to build. You can get it at https://golang.org/dl/
```

I do thing that Go 1.14 or greater is actually required
b337c606d3
Add support for ref parameter to get raw file API () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
3a4801d195
Truncated organisations name () 
- truncate to max length 40
- add CSS ellipsis
30f7ddb833
Ensure memcache TTL cannot be over 30 days () 
Memcached TTL cannot be > 30 days and if it is attempted the TTL is interpreted as
a unix timestamp.

This PR ensures that the TTL is switched to a unix timestamp in those cases.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
f82b1dd7c3
Prevent adding nil label to .AddedLabels or .RemovedLabels () 
* Prevent adding nil label to .AddedLabels or .RemovedLabels

There are possibly a few old databases out there with malmigrated data that can
cause panics with empty labels being migrated.

This PR adds a few tests to prevent nil labels being added.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add doctor command to remove the broken label comments

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
f9abf94bd9
HasPreviousCommit causes recursive load of commits unnecessarily () 
This PR improves HasPreviousCommit to prevent the automatic and recursive loading
of previous commits using git merge-base --is-ancestor and git rev-list

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
0a23079485
Do not assume all 40 char strings are SHA1s () 
GetCommit() assumes that all 40 char strings are SHA1s. This leads to an
error if you try to do a PR on a branch which is 40 characters long.

This PR attempts the SHA first - and if it fails will switch to using rev-parse.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
4cffc46f65
Allow org labels to be set with issue templates () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
ac97ea573c
[Vendor] Update go-redis to v8.5.0 () 
* Update go-redis to v8.4.0

* github.com/go-redis/redis/v8  v8.4.0 -> v8.5.0

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* TODO

* Use the Queue termination channel as the default context for pushes

Signed-off-by: Andrew Thornton <art27@cantab.net>

* missed one

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
ac701637b4
Add dismiss review feature () 
* Add dismiss review feature

refs:
    https://github.blog/2016-10-12-dismissing-reviews-on-pull-requests/
    https://developer.github.com/v3/pulls/reviews/#dismiss-a-review-for-a-pull-request

* change modal ui and error message

* Add unDismissReview api

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
7d7007dca7
Added option to disable webhooks () 
* Added option to disable web hooks

This mod introduces DISABLE_WEB_HOOKS parameter in [security] section
of app.ini (by default set to false). If set to true it disables web
hooks feature. Any existing undelivered web hook tasks will be cancelled.
Any existing web hook definitions will be left untouched in db but
its delivery tasks will be ignored.

Author-Change-Id: IB#1105130

* Webhook spelling fixed

Webhook spelling fixed.

Fixes: 07df6614dc84cdd2e9f39c57577fa1062bd70012
Related: https://github.com/go-gitea/gitea/pull/13176#pullrequestreview-510868421
Author-Change-Id: IB#1105174

* Parameter description fixed

Parameter description fixed.

Fixes: 07df6614dc84cdd2e9f39c57577fa1062bd70012
Related: https://github.com/go-gitea/gitea/pull/13176#pullrequestreview-514086107
Author-Change-Id: IB#1105174
441f3f0f20
Make fileheader sticky in diffs () 
* Make fileheader sticky 

* Remove sticky filenames when width is 480px or less

On mobile phone sticky filename is hidden due to the combination
of many possible widths and lengths.

* Fix text color for .markdown-info

* Fix visual of sticky diff box on 480px or less

- Hide arrow for select buttons.
- Fix changes, additions and deletions.
With flexbox they look very broken.
This commit hides some words to, so the result is:
"123 changed files  987 additions  456 deletions"
- center text in buttons

Co-authored-by: zeripath <art27@cantab.net>
5a18712dd7
Fix PATCH /repos/{owner}/{repo} panic () 
* Fix a runtime error when modifying a repository through API call

Using the `PATCH /repos/{owner}/{repo}` endpoint and attempting to
modify `default_branch` on an empty repository will cause a
panic. This commit adds a check for a nil pointer before attempting
to dereference it.

* Apply suggestions from code review

* Apply suggestions from code review

* Ensure that the git repository is loaded

If you change the default branch for a repository you must change it in
git too. Therefore you must open the repository before changing the
default branch.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Allow empty repos to have their default branches changed

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Anton Khimich <anton.khimicha@mail.utoronto.ca>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
51fb0463a3
Fix truncated organization names () 
* Fix truncated organization names

Previous ellipsis implementation hid vertical overflow - image + descent line of letters.
Organization visibility in select on dashboard was not always visible.
This commit extracts classes which don't make collisions with other items on page.
9e852edc41
Add v171 (addSortingColToProjectBoard) migration for () 
* add v171 Migration for 

* NOT NULL

Co-authored-by: Lauris BH <lauris@nix.lv>
a3cc842e15
Show Gitea version in swagger () 
Show Gitea version in swagger

Co-authored-by: 6543 <6543@obermui.de>
487f2ee41c
Whitespace in commits () 
* Add whitespace to commit view

* Add whitespace to /compare/a...b

* Move repeated whitespaceFlags to gitdiff

* Add whitespace for wiki pages
5e4fa7c703
Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one () 
* Turn default hash password algorightm back to pbkdf2 from argon2 until we found a better one

* Add a warning on document
b3c2e23cbb
Prevent race in PersistableChannelUniqueQueue.Has () 
There is potentially a race with a slow starting internal
queue causing a NPE if Has is checked before the internal
queue has been setup.

This PR adds a lock on the Has() fn.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
c9f1baf620
Prevent template renderer from rendering error () 
When there is a panic during template rendering unrolled/render
will automatically render the error. This leads to the
panic being displayed in the page and not a 500 page

Fix 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
beb2058186
Fix broken spans in diffs () 
Gitea runs diff on highlighted code fragment for each line in order to provide
code highlight diffs. Unfortunately this diff algorithm is not aware that span tags
and entities are atomic and cannot be split.

The current fixup code makes some attempt to fix these broken tags however, it cannot
handle situations where a tag is split over multiple blocks.

This PR provides a more algorithmic fixup mechanism whereby spans and entities are
completely coalesced into their respective blocks.

This may result in a incompletely reduced diff but - it will definitely prevent the
broken entities and spans that are currently possible.

As a result of this fixup several inconsistencies were discovered in our testcases
and these were also fixed.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
d475d53c41
Fix svg spacing () 
* Add right margin to icons in menu items

* Reduce padding on user profile submenu to fit in one line by default (english)
fc4a8c2980
Allow blocking some email domains from registering an account () 
Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are *forbidden* to register an account.

The idea has been briefly mentioned in the discussion about issue , but never implemented. This PR does that.

The rationale is that, in my experience of running a Gitea instance, *a single email domain* is responsible for *most* of the spam accounts, and for *all* of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful.

close
0a9a484e1e
Create DB session provider(based on xorm) () 
* Create Xorm session provider

This PR creates a Xorm session provider which creates
the appropriate Session table for macaron/session.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* extraneous l

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* use key instead of ID to be compatible with go-macaron/session

Signed-off-by: Andrew Thornton <art27@cantab.net>

* And change the migration too.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update spacing of imports

Co-authored-by: 6543 <6543@obermui.de>

* Update modules/session/xorm.go

Co-authored-by: techknowlogick <matti@mdranta.net>

* add xorm provider to the virtual provider

Signed-off-by: Andrew Thornton <art27@cantab.net>

* prep for master merge

* prep for merge master

* As per @lunny

* move migration out of the way

* Move to call this db session as per @lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
60ef2a7c67
Add fullTextSearch to dropdowns by default () 
This PR adds `fullTextSearch: 'exact'` to most dropdown
invocations meaning that if there is a search box for the
dropdown it will automatically do a fullTextSearch looking
for the provided fragment instead of starting at the beginning

We should consider changing other places that use
`fullTextSearch: true` to `'exact'` because these will be using a
fuzzy-textual search that doesn't necessarily return the
expected results.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
66a148e398
Restore detection of branches are equal on compare page () 
Somehow the test for detecting if branches are equal broke
this PR restores this functionality.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
ad43b119a8
Add Password Algorithm option to install page () 
Add Password Algorithm option to install page

Fix  

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
fe628d8406
Vendor Update () 
* github.com/yuin/goldmark v1.3.1 -> v1.3.2

* github.com/xanzy/go-gitlab v0.42.0 -> v0.44.0

* github.com/prometheus/client_golang v1.8.0 -> v1.9.0

* github.com/minio/minio-go v7.0.7 -> v7.0.9

* github.com/lafriks/xormstore v1.3.2 -> v1.4.0

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
7ba158183a
Use cat-file --batch in GetLanguageStats () 
* Use cat-file --batch in GetLanguageStats

This PR moves to using a single cat-file --batch in GetLanguageStats
significantly reducing the number of processes spawned during language stat
processing.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update modules/git/repo_language_stats_nogogit.go

Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
ae7e6cd474
Reduce calls to git cat-file -s () 
* Reduce calls to git cat-file -s

There are multiple places where there are repeated calls to git cat-file
-s due to the blobs not being created with their size.

Through judicious use of git ls-tree -l and slight adjustments to the
indexer code we can avoid a lot of these calls.

* simplify by always expecting the long format

* Also always set the sized field and tell the indexer the update is sized
ec06eb112c
Fix github download on migration () 
* Fix github download on migration

* Use Context for Client

Co-authored-by: zeripath <art27@cantab.net>
7ab6c77b41
Remove NULs byte arrays passed to PostProcess () 
PostProcess is supposed to be parsing and handling HTML
fragments, but on fuzzing it appears that there is a weird
issue with NUL elements that could cause a memory address
error in downstream libraries.

The simplest solution is to strip out the weird NULs - they
should not be there in any case and would be stripped out
anyway.

Signed-off-by: Andrew Thornton <art27@cantab.net>
ce0346448f
remove outdated notice in makefile () 
Co-authored-by: 6543 <6543@obermui.de>
8d5c795cc4
[API] Add Restricted Field to User () 
* Expose Restricted field for User

* Add Option to Change Restricted on User via adminEditUser API

* Add test who change restricted & test if it changed it ...

* make generate-swagger

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
c9a04cfdc8
Issue template addition: Are you using Gitea behind CloudFlare? () 
* chore: are you using Gitea behind CloudFlare

since more often than not CF appears to serve stale cache and cause
troubles, I'd argue it might be helpful to ask about it in this here
issue template

* implement suggestion: change question to comment

* as per @techknowlogick's suggestion

* chore: edit comment

* implement @mrsdizzie's suggestion
* as the comment grows, rather span multiple lines
* Gitea --> gitea to match case used in the rest of the template

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
8f05a2876b
models/repo: Fix typo in comment () 
* models/repo: Fix typo in comment

* another typo

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
6362b24a59
Fix when a commit not found returned 500 () 
Co-authored-by: Lauris BH <lauris@nix.lv>
092299891f
Move the stopwatches to the eventsource stream () 
Move the stopwatches to the eventsource stream

Use the /user/events eventsource to update the stopwatches
instead of polling /api/v1/user/stopwatches if the eventsource
is enabled.

Signed-off-by: Andrew Thornton <art27@cantab.net>
d38ae597e1
Add UI to delete tracked times () 
Co-authored-by: 6543 <6543@obermui.de>
ca9c1f822e
[docs] Fix typo in command-line.en-us.md () 
seperated -> separated

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
39aa11f9c0
fix preview status switch button on wiki editr () 
Signed-off-by: a1012112796 <1012112796@qq.com>
aa4f9180e4
Clarify the suffices and prefixes of setting.AppSubURL and setting.AppURL () 
Also removes some unnecessary uses of fmt.Sprintf and adds documentation
strings

Signed-off-by: Andrew Thornton <art27@cantab.net>
65c940f66c
Prevent endless loop if templates missing () 
Since the chi upgrade if the templates are missing an endless loop will occur if
status/500.tmpl is missing.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
f3e64f677f
Remove unused commit () 
* Remove unused commit

* a small nit

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: a1012112796 <1012112796@qq.com>
343c756357
Heatmap days clickable () 
* Heatmap days clickable

* Error handling

* Unselect filter

* better dayclick handler

* made linter happy

* clickable heatmap for profiles

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
1f13229830
Add helper descriptions on new repo page () 
* Add helper descriptions on new repo page

Add helpers for:
  * repo description
  * .gitignore
  * license
  * README
  * default branch
  * signature trust model

Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>

* Oops, rename trust_model_helper

To match similar helper.

trust_model_helper_intro -> trust_model_helper

Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
bd9361384a
Fix go get () 
* Fix go get

* Fix default branch

Co-authored-by: 6543 <6543@obermui.de>
1ecdc55aff
fix link account ui () 
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
cd8b2f3273
Fix double alert in oauth2 application edit view () 
Signed-off-by: a1012112796 <1012112796@qq.com>
e79dae29cc
Fix repo-restore bug with poster not replaced () 
* Fix restore bug

* Fix restore bug

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
5d2b7ba639
Add EasyMDE support for release content editor () 
* Add easyMDE(simpleMDE) support for release content editor

Signed-off-by: a1012112796 <1012112796@qq.com>
61f347e349
Add environment-to-ini to docker image () 
* Add environment-to-app.ini routine

* Call environment-to-ini in docker setup scripts

* Automatically convert section vars to lower case to match documentation

* Remove git patch instructions

* Add env variable documentation to Install Docker
5cc1a49b19
Generate man pages () 
* extend gitignore

* first working draft

* use docs subcomand

* rm config-sheet-sheet-2-man
4172b1955f
Fix dashboard UI bugs and more () 
This PR fixes a few UI bugs I spontaneously encountered:

- Fixes emojis in repo titles getting head-cut and tail-cut in dashboard feed due to introduction of 1.25 em emojis at 1 em line-height, by simply using the original 1 3/7 em value of `semantic.css`
- Fixes regression (too long repo names should be capped to 70%) in  due to flex children not respecting properties like `overflow: hidden;`, and removes a block of dead style code
- Follow-up to , removes extraneous code for top navbar and correct right margin for Font Awesome
- Fixes color emphasis inversion in arc-green theme for top right buttons (edit, delete) on commit view boxes
50208e903a
Disable broken OAuth2 providers at startup () 
Instead of causing a log.Fatal, we should handle broken OAuth2
providers by disabling them.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
3d8b5ad5f3
Fix a couple of CommentAsPatch issues. () 
* CutDiffAroundLine makes the incorrect assumption that `---` and `+++` always represent part of the header of a diff.

This PR adds a flag to its parsing to prevent this problem and adds a streaming parsing technique to CutDiffAroundLine using an io.pipe instead of just sending data to an unbounded buffer.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Handle unquoted comment patch files

When making comment patches unfortunately the patch does not always quote the filename
This makes the diff --git header ambiguous again.

This PR finally adds handling for ambiguity in to parse patch

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add in testing for no error

There is no way currently for CutDiffAroundLine in this test to cause an
error however, it should still be tested.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2e8ce1eaed
Remove pt-pt from doc config file () 
Because it not has any content now. It's not necessary to
show this link on the footer.

Signed-off-by: a1012112796 <1012112796@qq.com>
cf29cb30d3
Prevent use of double sub-path and incorrect asset path in manifest () 
MakeAbsoluteAssetURL should just url join the static url prefix on to appurl
if it is not an absolute path - this is because StaticURLPrefix is an absolute
prefix not a relative prefix to the app sub url.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
3e652860bb
All organization members should be assignable as reviewer () 
For public repos, all organization members should be assignable as reviewer

Co-authored-by: zeripath <art27@cantab.net>
83cf1a894e
Create tag on ui () 
Support create single tag directly

support create tag with message from create release ui

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
030646eea4
Set HCaptchaSiteKey on Link Account pages () 
When using HCaptcha on link account pages the site key needs to be passed
in. This PR ensures that HCaptchaSiteKey is set in the data.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
a4148c0f12
Repository transfer has to be confirmed, if user can not create repo for new owner () 
* make repo as "pending transfer" if on transfer start doer has no right to create repo in new destination

* if new pending transfer ocured, create UI & Mail notifications
6cf97df9fd
remove duplicate define of CheckAttribute() () 
Signed-off-by: a1012112796 <1012112796@qq.com>
85e6e07346
Organization removal confirmation using name not password () 
* Organization removal confirmation using name not password

Gitea is asking for user password to confirm organization
removal so this operation cannot be done in systems with
SSO authentication (where no user passwords are used).

This mod changes the way gitea confirms organization
removal - user must enter organization name (not user
password) to confirm operation (similar to repository
removal confirmation).

Author-Change-Id: IB#1107219

* Translation removed

Translation removed from PR - will be restored using Crowdin
after pull got merged.

Fixes: 95ddcdd8bd8097a952894556d42641d5ec269288
Related: https://github.com/go-gitea/gitea/pull/14738
Author-Change-Id: IB#1107219
59fd641d1f
When Deleting Repository only explicitly close PRs whose base is not this repository () 
When Deleting Repository only explicitly close PRs whose base is not this repository

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
f0e15250b9
Migrate to use jsoniter instead of encoding/json () 
* Migrate to use jsoniter

* fix tests

* update gitea.com/go-chi/binding

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
def964e57f
Make searching issues by keyword case insensitive on DB () 
Most DBs apart from SQLite will use a default Collation that is not case insensitive.
This means that SearchIssuesByKeyword becomes case sensitive for db indexing - in
contrast to the bleve and elastic indexers.

This PR simply uses UPPER(...) to do the LIKE - and although it may be more efficient
to change collations this would be a non-trivial task.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
0bdeb2b302
Add missing repo.projects unit into swagger () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
59d1cc49f1
Fix paging of file commit logs () 
Unfortunately `git log revision ... --skip=x -- path` skips the number of commits
not the number of commits relating to the path.

This PR changes the function to have a reader that reads and skips the
necessary number of commits by hand instead.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
0044e80491
Add CORS config on to /login/oauth/access_token endpoint () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
523efa433b
Move Bleve and Elastic code indexers to use a common cat-file --batch () 
* Extract out the common cat-file batch calls

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Move bleve and elastic indexers to use a common cat-file --batch when indexing

Signed-off-by: Andrew Thornton <art27@cantab.net>

* move catfilebatch to batch_reader and rename to batch_reader.go

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
a5279b74b6
Make manual merge autodetection optional and add manual merge as merge method () 
* Make auto check manual merge as a chooseable mod and add manual merge way on ui

as title, Before this pr, we use same way with GH to check manually merge.
It good, but in some special cases, misjudgments can occur. and it's hard
to fix this bug. So I add option to allow repo manager block "auto check manual merge"
function, Then it will have same style like gitlab(allow empty pr). and to compensate for
not being able to detect THE PR merge automatically, I added a manual approach.

Signed-off-by: a1012112796 <1012112796@qq.com>

* make swager

* api support

* ping ci

* fix TestPullCreate_EmptyChangesWithCommits

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* Apply review suggestions and add test

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* fix build

* test error message

* make fmt

* Fix indentation issues identified by @silverwind

Co-authored-by: silverwind <me@silverwind.io>

* Fix tests and make manually merged disabled error on API the same

Signed-off-by: Andrew Thornton <art27@cantab.net>

* a small nit

* fix wrong commit id error

* fix bug

* simple test

* fix test

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
1d18b76e0e
Add changelog for v1.13.3 () () 
* Add changelog for v1.13.3 ()

Add changelog for v1.13.3

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <matti@mdranta.net>

* Update Docs

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
8ac1367718
[Docs] Fix how lfs data path is set () 
* fix docs: lfs data path

* DEPRECATED note

* 已废弃

* better english sentence

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
7525450232
When transfering repository and database transaction failed, rollback the renames () 
Fix 

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
144cfe5720
Fix race in local storage () 
LocalStorage should only put completed files in position

Signed-off-by: Andrew Thornton <art27@cantab.net>
9db590f2ee
Fix bug when combine label comments () 
* Fix bug when combine label comments

* Added some code comments

* More comments
20f13bfdfc
Fix a couple of issues with a feeds () 
@CirnoT spotted a couple of issues with feeds on discord.

This PR fixes both of these.
a68db9076a
Fix race in LFS ContentStore.Put(...) () 
Continuing on from 

The previous implementation has race whereby an incomplete upload or
hash mismatch upload can end up in the ContentStore. This PR moves the
validation into the reader so that if there is a hash error or size
mismatch the reader will return with an error instead of an io.EOF
causing the storage to abort the storage.

Signed-off-by: Andrew Thornton <art27@cantab.net>
beed5476e2
Prevent panic when empty MilestoneID in repo/issue/list () 
This PR adds a simple check to only test the MilestoneID if it is not empty.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
9b261f52f0
Add SameSite setting for cookies () 
Add SameSite setting for cookies and rationalise the cookie setting code. Switches SameSite to Lax by default. 

There is a possible future extension of differentiating which cookies could be set at Strict by default but that is for a future PR.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
40aca73347
Fix migration context data () 
* Unified context data.

* Changed method name.
78b7529cd4
Fix overdue marking of closed issues and milestones () 
Closed milestones and issues should only be marked overdue if they were
closed after their deadline.

Fix: 

Signed-off-by: Andrew Thornton <art27@cantab.net>
c03f530212
Make internal SSH server host key path configurable () 
* Make SSH server host key path configurable

* make it possible to have multiple keys

* Make gitea.rsa the default key

* Add some more logging

Signed-off-by: Andrew Thornton <art27@cantab.net>
eb576269d4
Re-enable import local paths after reversion from () 
PR  unfortunately disabled importing repositories from local paths.
This PR restores this functionality.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
61711143b9
Fix alignment of People and Teams right arrow on org homepage () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
f061277c86
Add "captcha" to list of reserved usernames () 
Signed-off-by: Otto Richter <git@fralix.ovh>
f4ce10c6a3
Minor UI fixes () 
* disable fork button when not signed in

* fix commit body styling on PR page

* fixup! fix commit body styling on PR page
14d8cb7819
Move Workaround for into it's own function () 
* Move Workatround for  into it's own function

* use more reliable solution (as tea do)
177da717a7
[API] get pull, return head branch sha, even if deleted () 
* API: return head branch sha, even if deleted

* relax if ref not resolvable
bc423a1e84
Use correct default value () 
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
c8e5c79cfd
Add ui.explore settings to control view of explore pages (2) () 
This is an alternative PR to .

Add `[ui.explore]` settings to allow restricting the
explore pages to logged in users only and to disable the users explore page.

The two proposed settings are:

- `REQUIRE_SIGNIN_VIEW`: Only allows access to the explore pages if the
user is signed in. Also restricts
  - `/api/v1/user/search`
  - `/api/v1/users/{username}`
  - `/api/v1/users/{username}/repos`
  - but does not restrict `/api/v1/users/{username}/heatmap`
- `DISABLE_USERS_PAGE`: Disables the /explore/users page

Fix 

Close  

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
5705f72fd6
Prevent panic when editing forked repos by API () 
When editing forked repos using the API the BaseRepository needs to loaded
in order to check its visibility otherwise there will be NPE panic.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
df76d9f7ad
Show correct issues for team dashboard () 
* fix no items under /org/$org/{issues,pulls}?type=mentioned

it was filtering by org id, but org-mentions are not persisted like that
to the DB, we need to filter by UID.
This means, selecting different teams will only have an effect on the
selected repos, otherwise results will be the same, which may be
suboptimal.

fixes 

* don't spam a warning for a perfectly fine request
91ee3be588
Prevent incorrect HTML escaping in swagger.json () 
* Prevent incorrect HTML escaping in swagger.json

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* oops add it to the helper

Signed-off-by: Andrew Thornton <art27@cantab.net>

* try again

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
ccfb205ad1
Fix excluding more than two labels on issues list () 
* Fix excluding more than two labels on issues list

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* refactor DRY

* fix multiple-label filter on milestone issuelist

* Apply suggestions from code review

Co-authored-by: jaqra <48099350+jaqra@users.noreply.github.com>

* Update web_src/js/index.js

Co-authored-by: Norwin Roosen <git@nroo.de>
Co-authored-by: jaqra <48099350+jaqra@users.noreply.github.com>
42b9b46ad2
Never add labels not from this repository or organisation and remove org labels on transfer () 
* Never add labels not from this repository or organisation and remove org labels on transfer

Prevent the addition of labels from outside of the repository or
organisation and remove organisation labels on transfer.

Related 

* switch to use sql

* subquery alias

* once more around the merry go round

* fix api problem
ff1bccf3dd
Fix Anchor jumping with escaped query components () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
3c7582061f
check if original author is set () 
Co-authored-by: zeripath <art27@cantab.net>
658d1bfac8
API: fix set milestone on PR creation () 
* API: fix set milestone on PR creation

pr creation via API failed with 404, because we searched
for milestoneID 0, due to uninitialized var usage D:

* add tests

* fix expected status codes

* fix tests

Co-authored-by: 6543 <6543@obermui.de>
9566c9f0c7
Re-enable listing of forks when logged out () 
* Re-enable listing of forks when logged out

* Further improvements on repo button logic
6463483ec5
Do not show full lfs file on error in git_test.go:rawTest() () 
If there is a problem uploading to LFS it is possible for the raw
endpoint to return a very large file when a pointer file is expected
This will then cause the drone logs to fill up unnecessarily with
the contents of the very large file.

If the file returned from raw is of the incorrect size we should
therefore not test it see if it contains the pointer file
and just declare that it is incorrect.

Signed-off-by: Andrew Thornton <art27@cantab.net>
164e35ead3
Make sure sibling images get a link too () 
* Make sure sibling images get a link too

Due a problem with the ast.Walker in the our transformer in goldmark
an image with a sibling image will not be transformed to gain a parent
link. This PR fixes this.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
167b0f46ef
chore(models): rewrite code format. () 
* chore: rewrite format.

* chore: update format

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* chore: update format

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* chore: Adjacent parameters with the same type should be grouped together

* chore: update format.
5f8478ab0a
Fix repo page language stat span color () 
Co-authored-by: Lauris BH <lauris@nix.lv>
1ae9b2a89b
Update go-enry to v2.6.1 () 
Co-authored-by: Gitea <gitea@gitea.io>
6e423d5573
Ensure validation occurs on clone addresses too () 
* Ensure validation occurs on clone addresses too

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix test

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix api tests

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
044cd4d016
Add reverse proxy configuration support for remote IP address () 
* Add reverse proxy configuration support for remote IP address validation

* Trust all IP addresses in containerized environments by default

* Use single option to specify networks and proxy IP addresses. By default trust all loopback IPs

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
ed31ddc29a
Fix several render issues () 
* Fix an issue with panics related to attributes
* Wrap goldmark render in a recovery function
* Reduce memory use in render emoji
* Use a pipe for rendering goldmark - still needs more work and a limiter

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
bf53cf0e04
Ensure that new pull request button works on forked forks owned by owner of the root () 
Prevent 404 on new pull request button on forked fork owned by the owner
of the root repository. Also ensure that the names make sense.

Signed-off-by: Andrew Thornton <art27@cantab.net>
d2dc182dcd
fix: {show,link to} proper PR on kanban board ref () 
the issue was that PR references in kanban boards were being generated
using `.ID` instead of `.Index`, which led to constructing incorrect
links to possibly non-existent {PR,issue}s and following that to showing
nonsensical values in the boards.

kudos also go to @zeripath for pointing at the file to fix.

Signed-off-by: wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf <a_mirre@utb.cz>
Co-authored-by: zeripath <art27@cantab.net>
51ea8dd444
chore: bump minio to RELEASE.2021-03-12T00-00-47Z () 
* chore: bump minio to RELEASE.2021-03-12T00-00-47Z

-    image: minio/minio:RELEASE.2021-01-16T02-19-44Z
+    image: minio/minio:RELEASE.2021-03-12T00-00-47Z

Signed-off-by: wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf <a_mirre@utb.cz>
5d57f4bcb8
sort release attachments by name () 
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
598dd21cd4
org dashboard: move teamselector left () 
Co-authored-by: zeripath <art27@cantab.net>
119d2cb6e4
Create new issue from code () 
* Feat: add reference in new issue with permalink menu for code view.

* Fix: recover index.js file.

* Add comments and redo ci.

* Fix code convention

* Fix code.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
71aca93dec
Remove extraneous logging () 
Signed-off-by: Andrew Thornton <art27@cantab.net>
070c57867d
Fix postgres ID sequences broken by recreate-table () 
* Fix postgres ID sequences broken by recreate-table

Unfortunately there is a subtle problem with recreatetable on postgres which
leads to the sequences not being renamed and not being left at 0.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* let us try information_schema instead

Signed-off-by: Andrew Thornton <art27@cantab.net>

* try again

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
e8ad6c1ff3
Do not convert file path to lowercase () 
* Do not convert file path to lowercase.

* lint

* Check against lowercase hostname.
c0c052bdbb
another clusterfuzz spotted issue () 
Signed-off-by: Andrew Thornton <art27@cantab.net>
0e5c6c4498
Fix CJK fonts again and misc. font issues () 
* Push system-ui further down the stack, fix 

* Fix Firefox showing U+300x in emoji font and more

* Revert emoji font and fix long-standing Safari bug

* Exclude Safari emoji fix above 1.25x zoom

* Minor correctness/typo fix, affects only legacy platforms

* Emoji consistency for monospace (e.g. EasyMDE)

* Override paradigm; macOS/iOS-specific metric fix

* Move whitespace fix to font-face

* Handle metric calculation errors with Firefox

* One last workaround for aliased fonts in Linux
dace0ce1b1
Prevent addition of labels from outside the repository or organisation in issues () 
* Never add labels not from this repository or organisation and remove org labels on transfer

Prevent the addition of labels from outside of the repository or
organisation and remove organisation labels on transfer.

Related 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* switch to use sql

Signed-off-by: Andrew Thornton <art27@cantab.net>

* remove AS

Signed-off-by: Andrew Thornton <art27@cantab.net>

* subquery alias

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Give me some AS?

Signed-off-by: Andrew Thornton <art27@cantab.net>

* double AS

Signed-off-by: Andrew Thornton <art27@cantab.net>

* try try again

Signed-off-by: Andrew Thornton <art27@cantab.net>

* once more around the merry go round

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix api problem

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add outside label consistency check into doctor

This PR adds another consistency check into doctor in order to detect
labels that have been added from outside of repositories and organisations

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix migration

Signed-off-by: Andrew Thornton <art27@cantab.net>

* prep for merge

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
a3a65137ba
Delete Labels & IssueLabels on Repo Delete too () 
* Doctor: find IssueLabels without existing label

* on Repo Delete: delete labels & issue_labels too

* performance nits

* Add Migration: Delete orphaned IssueLabels

* Migration v174: use Sync2

* USE sess !!!

* better func name

* code format & comment

* RAW SQL

* Update models/migrations/v176.go

* next try?
fcf2c97d39
Changelog for 1.14.0-RC1 () 
* Changelog for 1.14.0-RC1

* api

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* update

* Apply suggestions from code review

Co-authored-by: techknowlogick <matti@mdranta.net>

* Update CHANGELOG.md

Co-authored-by: techknowlogick <matti@mdranta.net>

* update

* Update CHANGELOG.md

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* Apply suggestions from code review

* Move things to SECURITY that are SECURITY

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update CHANGELOG.md

Co-authored-by: Lauris BH <lauris@nix.lv>

* Update CHANGELOG.md

* Apply suggestions from code review

Co-authored-by: Norwin <noerw@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Kyle D. <kdumontnu@gmail.com>

* sort

* Update CHANGELOG.md

Co-authored-by: Kyle D. <kdumontnu@gmail.com>

* :gitea: 🚀

* Update date

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: Kyle D. <kdumontnu@gmail.com>
cf549500e0
Fix bug when upload on web () 
* Fix bug when upload on web

* move into own function

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
d05539eb3e
Fix markdown rendering in milestone content () 
- Add missing markdown class for rendered markdown.
- Increase font size of milestone name in list.

Fixes: https://github.com/go-gitea/gitea/issues/15046
9ed9ed9ae0
Update to goldmark 1.3.3 () 
Signed-off-by: Andrew Thornton <art27@cantab.net>
78e8f62706
[Refactor] remove possible resource leak () 
* move "copy uploaded lfs files 2 repo" to own function for "defer file.Close()"

* rm type overload

* Update modules/repofiles/upload.go

Co-authored-by: zeripath <art27@cantab.net>
17731e05ff
fix double 'push tag' action feed () 
Signed-off-by: a1012112796 <1012112796@qq.com>
46782d53bc
Place wrapper around comment as diff to catch panics () 
There are a few recurrent issues with comment as diff reporting panics that are resistant to fixing due to the fact that the panic occurs in the template render and is swallowed by the template renderer.

This PR just adds some logging to force the panic to properly logged and re-propagates back up to the template renderer so we can actually detect what the issue is.

Signed-off-by: Andrew Thornton art27@cantab.net
98c8513db2
Changelog v1.13.5 () () 
* Changelog v1.13.5 ()

* fix unrel. nit
4fd6e82198
Fix lock modal content rendering outside modal () 
* Fix lock modal content rendering outside modal

The .content was not a child to .modal so was rendering outside. This is
a recent regression but I'm not certain when it was introduced.

* remove extraneous closing div
a587a28434
Fix another clusterfuzz identified issue () 
* Fix another clusterfuzz identified issue

Signed-off-by: Andrew Thornton <art27@cantab.net>
1a03fa7a4f
Update JS dependencies () 
* Update JS dependencies

- Update all JS dependencies
- For octicons, rename trashcan to trash
- For svgo, migrate to v2 api, output seems to have slightly changed but icons look the same
- For stylelint, update config, fix custom property duplicates
- For monaco, drop legacy Edge support
- For eslint, enable new rules, fix new issues
- For less-loader, remove deprecated import syntax

* update svgo usage in generate-images and rebuild logo.svg with it
8567cba0d9
Implement delete release attachments and update release attachments' name () 
* Implement delete release attachment

* Add attachments on release edit page

* Fix bug

* Finish del release attachments

* Fix frontend lint

* Fix tests

* Support edit release attachments

* Added tests

* Remove the unnecessary parameter isCreate from UpdateReleaseOrCreatReleaseFromTag

* Rename UpdateReleaseOrCreatReleaseFromTag to UpdateRelease

* Fix middle align
5f038cd7fe
[Vendor] update gitea-sdk v0.14.0 () 
* upgraded code.gitea.io/sdk/gitea v0.13.2 => v0.14.0

* rm workaround
dfb3e50dce
Fix the v176 migration () 
There is a serious issue with the v176 migration where there is a mistaken missing
label_id selection.

*introduced by #14912*

Signed-off-by: Andrew Thornton <art27@cantab.net>
405969c541
Remove raw-loader dependency () 
Webpack now includes this functionality, allowing us to drop this
now-deprecated dependency.

Ref: https://webpack.js.org/guides/asset-modules/
Ref: https://webpack.js.org/loaders/raw-loader/
687e2dfa55
Fix consistency check () 
In my last fix I missed adding the label_ prefix to the
consistency check count.

Signed-off-by: Andrew Thornton <art27@cantab.net>
750ac52db2
Fix Migration 176 yet again () 
* Fix Migration 176 yet again

Whilst creating a test for v176 in the migrations_test PR
it has become clear that this was still wrong.

This is now fixed. Genuinely.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* and fix repo transfer

Signed-off-by: Andrew Thornton <art27@cantab.net>
39ef6f83d5
Create Proper Migration Tests () 
* Create Proper Migration tests

Unfortunately our testing regime has so far meant that migrations do not
get proper testing.

This PR begins the process of creating migration tests for this.

* Add test for v176

* fix mssql drop db

Signed-off-by: Andrew Thornton <art27@cantab.net>
f2844b7583
Fix wrong user returned in API () 
The API call: GET /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments
returns always the reviewer, but should return the poster.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
b68eb54f95
Clusterfuzz found another way () 
Clusterfuzz found another way so I found another way to stop it

Signed-off-by: Andrew Thornton <art27@cantab.net>
290cf75f93
[refactor] Unify the export of user data via API () 
* [refactor] unify how user data is exported via API

* test time via unix timestamp
e7609929c1
Expose resolver via API () 
* Expose resolver via API
82d1a7fb17
Update repository size on cron gc task () 
git gc cron could change the size of the repository therefore we should update the
size of the repo stored in our database.

Also significantly improve the efficiency of counting lfs associated with the
repository
3273fb9af1
use level config in main section when subsection not set level () 
in previouse if a log subsetcion not set level
it will use ``info`` as default value.

this pr will make default value (``[log] -> LEVEL``) useable.

example config:
```INI
[log]
MODE = console
LEVEL = Trace

[log.console]
LEVEL =
STDERR = false
```

previous result:
```JSON
// console:
{
  "level": "info",
  ...................
}
```

after change:

```JSON
// console:
{
  "level": "track",
  ...................
}
```

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2b9e0b4d1b
should run RetrieveRepoMetas() for empty pr () 
Signed-off-by: a1012112796 <1012112796@qq.com>
c1ca4a8313
Improve /api/v1/repos/issues/search by just getting repo ids () 
/api/v1/repos/issues/search is a highly inefficient search which is unfortunately
the basis for our dependency searching algorithm. In particular it currently loads
all of the repositories and their owners and their primary coding language all of
which is immediately thrown away.

This PR makes one simple change - just get the IDs.

Related 
Related 

Signed-off-by: Andrew Thornton <art27@cantab.net>
0c6137617f
Add Tabular Diff for CSV files () 
Implements request  The rendering of CSV files does match the diff style.

* Moved CSV logic into base package.

* Added method to create a tabular diff.

* Added CSV compare context.

* Added CSV diff template.

* Use new table style in CSV markup.

* Added file size limit for CSV rendering.

* Display CSV parser errors in diff.

* Lazy read single file.

* Lazy read rows for full diff.

* Added unit tests for various CSV changes.
cce006b857
Fix webhook delivery and issue checklist for arc-green () 
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
d099f0858f
Remove file-loader dependency () 
- Upgrade webpack to 5.28 to enable publicPath option
- Use asset modules in place of deprecated file-loader

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
f5b6dc9759
add 'fonts' into 'KnownPublicEntries' () 
fix 

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
1b762fc5d8
Remove vendored copy of fomantic-dropdown () 
jQuery 3.6.0 seems to have broke the dropdown focus handling (focus
would get stuck on the dropdown) in this module which we have vendored
on top of fomantic for accessibility improvements.

Either downgrading jQuery to 3.5.1 or removing the vendor copy seems to
resolve the issue and I opted for removing the copy because I think such
changes should be done upstream and the removal also lightens the JS by
155kB before minify/gzip.

Fixes: https://github.com/go-gitea/gitea/issues/15172

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
79ac7468dc
Fix documentation for the fallback mail subject () 
The documentation for the [fallback mail subject](d989247bb0/services/mailer/mail_issue.go (L14-L16)) was missing `{{}}` around `.Issue.Index`.
113c1557ff
Fix regression from - use debug SVC handler only on interactive sessions () 
Unfortunately  changed from the deprecated IsInteractiveSession to
IsWindowsService without recognising that they are the complement of
each other.

This means that Windows SVC control is not working correctly. This PR
adds some Tracing statements but also fixes the bug.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
aee5ef0051
Diff box fixes () 
- Fix misaligned "Show Outdated" buttons via flexbox
- Add hover effect to "Show Outdated" buttons
- Remove overreaching margin from selector .diff-file-box and handle
  cases individually.

Fixes: https://github.com/go-gitea/gitea/issues/15097

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
007fb00c0e
response 404 for diff/patch of a commit that not exist () 
* response 404 for diff/patch of a commit that not exist

fix 

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update routers/repo/commit.go

Co-authored-by: silverwind <me@silverwind.io>

* use ctx.NotFound()

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
43fb4921e3
response simple text message for not html request when 404 () 
* response simple text message for not html request when response 404

Signed-off-by: a1012112796 <1012112796@qq.com>
ff460ca74d
Speed up `enry.IsVendor` () 
`enry.IsVendor` is kinda slow as it simply iterates across all regexps.
This PR ajdusts the regexps to combine them to make this process a
little quicker.

Related 

Signed-off-by: Andrew Thornton <art27@cantab.net>
a351b22dc0
Prevent NPE in CommentMustAsDiff if no hunk header () 
I do not understand how this can happen or why.

There is an apparent possibility for a comment.Patch to be missing a hunk header
- this should not happen and do not understand how. But it appears to happen on
1.13 at least in some case.

This PR will simply add a new section if the cursection is empty
thus preventing the NPE.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
bc1f2117f1
Fix graph pagination () 
* Fixed invalid HTML tag.

* Fixed pagination.

* Update templates/repo/graph/commits.tmpl

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
42efa14f51
Introduce esbuild on webpack () 
* Vendor node mods as cache; fix esbuild/fomantic offline build

* Fix --exclude; use bsdtar for consistent globbing

* Fall back to GNU tar; forward-compatible for APT 2.0

* Avoid having extd. attrs with bsdtar

* Dependency and misc. optimizations

* Remove extra code after esbuild-loader update

Co-authored-by: Mike L <cl.jeremy@qq.com>
cc2d540092
Fix release expansion issue () 
* Fix release expansion issue

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix cache statement too

Signed-off-by: Andrew Thornton <art27@cantab.net>

* and update the npmrcs

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @silverwind

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: silverwind <me@silverwind.io>
80d6c6d7de
[refactor] mailer service () 
* Unexport SendUserMail

* Instead of "[]*models.User" or "[]string" lists infent "[]*MailRecipient" for mailer

* adopt

* code format

* TODOs for "i18n"

* clean

* no fallback for lang -> just use english

* lint

* exec testComposeIssueCommentMessage per lang and use only emails

* rm MailRecipient

* Dont reload from users from db if you alredy have in ram

* nits

* minimize diff

Signed-off-by: 6543 <6543@obermui.de>

* localize subjects

* linter ...

* Tr extend

* start tmpl edit ...

* Apply suggestions from code review

* use translation.Locale

* improve mailIssueCommentBatch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add i18n to datas

Signed-off-by: Andrew Thornton <art27@cantab.net>

* a comment

Co-authored-by: Andrew Thornton <art27@cantab.net>
d0c9b3e208
Branch page and misc css improvements () 
- Improve branches page, increase icon size, use octicons, use css vars
- Style placeholder color via css var
- Slightly increase contrast of input fields and active/hover states
- Add styling for select boxes in arc-green
3cc7d27b6f
Close file on invalid range () 
* Close file on invalid range.

* Close on seek error

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
0bb8bd8190
Add size to Save function () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
48ef04ee56
Drop the event source if we are unauthorized () 
A previous commit that sent unauthorized if the user is unauthorized
simply leads to the repeated reopening of the eventsource. #

This PR changes the event returned to tell the client to close the
eventsource and thus prevents the repeated reopening.

Signed-off-by: Andrew Thornton <art27@cantab.net>
e9fba18a26
Fix typo in app.example.ini () 
seperated -> separated

Co-authored-by: zeripath <art27@cantab.net>
16dea6cebd
[refactor] replace int with httpStatusCodes () 
* replace "200" (int) with "http.StatusOK" (const)

* ctx.Error & ctx.HTML

* ctx.JSON Part1

* ctx.JSON Part2

* ctx.JSON Part3
04196b7658
Update to bluemonday-1.0.6 () 
Signed-off-by: Andrew Thornton <art27@cantab.net>
1ba8b95eb4
Update JS dependencies () 
- Update all JS dependencies to latest version, no functional changes.
- Remove unused direct dependencies core-js and terser-webpack-plugin.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
5f18404045
Close file on invalid range (Addition to ) () 
* Close file on invalid range.

* Close on seek error

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Moved 'Seek' into server.

* io.ReadSeekCloser is only available in Go 1.16

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
b101fa83a6
Fix bug in Wrap () 
Whilst doing other work I have noticed that there is an issue with Wrap when passing an
http.Handler - the next should be the next handler in line not empty.

Signed-off-by: Andrew Thornton <art27@cantab.net>
8be2cc4fc7
Reduce memory usage in testgit () 
* reduce memory use in rawtest

* just use hashsum for diffs

Signed-off-by: Andrew Thornton <art27@cantab.net>
fa3895ce81
Move modules/forms to services/forms () 
Forms are dependent on models and therefore should be in services.

This PR also removes the old auth. aliasing

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
426ebbfc3b
Fix CanCreateRepo check () 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
298d56fe8b
[Frontport] Changelog (v1.13.6, v1.13.7, v1.14.0-rc2) () 
* Changelog v1.13.7 ()

* Update Changelog ()

* update

* next

* RC2

* Update Docs Version
05b7e32829
Fix handling of logout event () 
It appears that there is a slight bug in the handling of the data of logout event -
the javascript should be testing the data field of the data field for the logout
instruction.

Signed-off-by: Andrew Thornton <art27@cantab.net>
4eea819b24
Monaco improvements () 
- Create theme at runtime which follows the CSS variables of the site
- Disable a few opinionated Monaco defaults like minimap and word highlights
- Move styles to separate file

Co-authored-by: zeripath <art27@cantab.net>
0d1a5e0ffc
Add frontend testing, require node 12 () 
- Add basic frontend unit testing infrastructure using jest in ESM mode
- Rename 'make test' to 'make test-backend'
- Introduce 'make test-frontend' and 'make test' that runs both
- Bump Node.js requirement to v12. v10 will be EOL in less than a month.
- Convert all build-related JS files to ESM.

I opted to run frontend tests run as part of the compliance pipeline because
they complete fast and are not platform-specific like the golang tests.
fa06e98553
Add dashboard milestone search and repo milestone search by name () 
Feature for issue :
 - Add milestones search by name on dashboard milestones page.
 - Add milestones search by name on repo issue/milestones page.
e8693eb328
Prepend AppSubUrl to links for default avatar () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
b62bd8e7c0
Disable cssnano's colormin plugin () 
It produces odd rgba values which also seem to cause issues in monaco's
color parser where the scoll shadow went red for some reason.

Regression by: https://github.com/go-gitea/gitea/pull/15333
f544414a23
Show diff on rename with diff changes () 
More recent versions of git have increased support for detection of renames meaning
that a rename with diff changes is now supported.

Although ParsePatch supports this - our templates do not and the simplest solution
is simply to show the diff.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
c03e488e14
Add LFS Migration and Mirror () 
* Implemented LFS client.

* Implemented scanning for pointer files.

* Implemented downloading of lfs files.

* Moved model-dependent code into services.

* Removed models dependency. Added TryReadPointerFromBuffer.

* Migrated code from service to module.

* Centralised storage creation.

* Removed dependency from models.

* Moved ContentStore into modules.

* Share structs between server and client.

* Moved method to services.

* Implemented lfs download on clone.

* Implemented LFS sync on clone and mirror update.

* Added form fields.

* Updated templates.

* Fixed condition.

* Use alternate endpoint.

* Added missing methods.

* Fixed typo and make linter happy.

* Detached pointer parser from gogit dependency.

* Fixed TestGetLFSRange test.

* Added context to support cancellation.

* Use ReadFull to probably read more data.

* Removed duplicated code from models.

* Moved scan implementation into pointer_scanner_nogogit.

* Changed method name.

* Added comments.

* Added more/specific log/error messages.

* Embedded lfs.Pointer into models.LFSMetaObject.

* Moved code from models to module.

* Moved code from models to module.

* Moved code from models to module.

* Reduced pointer usage.

* Embedded type.

* Use promoted fields.

* Fixed unexpected eof.

* Added unit tests.

* Implemented migration of local file paths.

* Show an error on invalid LFS endpoints.

* Hide settings if not used.

* Added LFS info to mirror struct.

* Fixed comment.

* Check LFS endpoint.

* Manage LFS settings from mirror page.

* Fixed selector.

* Adjusted selector.

* Added more tests.

* Added local filesystem migration test.

* Fixed typo.

* Reset settings.

* Added special windows path handling.

* Added unit test for HTTPClient.

* Added unit test for BasicTransferAdapter.

* Moved into util package.

* Test if LFS endpoint is allowed.

* Added support for git://

* Just use a static placeholder as the displayed url may be invalid.

* Reverted to original code.

* Added "Advanced Settings".

* Updated wording.

* Added discovery info link.

* Implemented suggestion.

* Fixed missing format parameter.

* Added Pointer.IsValid().

* Always remove model on error.

* Added suggestions.

* Use channel instead of array.

* Update routers/repo/migrate.go

* fmt

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
9a2553920f
Fix button border issue () 
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
147826a577
[API] pull notification subject status: add "merged" () 
Current subject status can be "", "open" and "closed". This add "merged" to it.
7088bcf61b
Fix Dropzone following () 
* Fix Dropzone following 

 appears to have caused a change in the way Dropzone is imported - and it
now produces a module rather than the constructor.

This PR rather hackily just adds another Dropzone call to the result.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* use destructured export

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: 6543 <6543@obermui.de>
0991f9aa42
Stop packaging node_modules in release tarballs () 
- Don't package node_modules in tarballs, they are not cross-platform
  anymore and npm cache should not be messed with directly. Instead,
  require an internet connection to rebuild the UI, which is not necessary
  in the general use case because prebuilt UI files are shipped in the
  public directory.
- Simplify the fomantic build and make the target phony. We don't need
  anything more for something that is rarely ran.
- Use regular tar again to build tarballs and add variable for excludes
- Disable annoying npm update notifications

Fixes: https://github.com/go-gitea/gitea/pull/14578
Fixes: https://github.com/go-gitea/gitea/pull/15256
Fixes: https://github.com/go-gitea/gitea/pull/15262

Co-authored-by: 6543 <6543@obermui.de>
9c4601bdf8
Code Formats, Nits & Unused Func/Var deletions () 
* _ to unused func options

* rm useless brakets

* rm trifial non used models functions

* rm dead code

* rm dead global vars

* fix routers/api/v1/repo/issue.go

* dont overload import module
9d2c251214
Move FCGI req.URL.Path fix-up to the FCGI listener () 
Simplify the web.go FCGI path by moving the req.URL.Path fix-up to listener

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
3dc099773d
Fix mirror_lfs source string in en-US locale () 
The mirror_lfs source string was set to "Large File System" instead of "Large File Storage"

This has been fixed
afa781bf20
Dropzone styling improvements () 
* Dropzone styling improvements

- Move all dropzone styles to separate file
- Fix white background in arc-green
- Fix rendering of non-square images and previews

* increase thumbnail quality, set contain in js, replace blur effect with opacity
013657ec76
Use semantic dropdown for code search query type () 
Add comments to CSS rules

Co-authored-by: zeripath <art27@cantab.net>
b9ed3cbc26
Upgrade to bluemonday 1.0.7 () 
* Upgrade to bluemonday 1.0.7

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* resolve unit test

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
216976247c
Remove usage of JS globals () 
Refactor the exported globals in index.js to JS-initialized event
handlers.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
136a20926c
Turn RepoRef and RepoAssignment back into func(*Context) () 
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
9a0858cecf
SHA in merged commit comment should be rendered ui sha () 
* SHA in merged commit comment should be rendered ui sha

On a PR page the sha of the merge commit should be rendered in monospace
as a SHA. Also fixes an issue with the manually merged string.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* issues.force_push_codes needs this too.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
e375cbfd46
rsponse 404 when delete not exist email () 
fix 

Signed-off-by: a1012112796 <1012112796@qq.com>
84f5a0bc62
Always set the merge base used to merge the commit () 
The issue is that the TestPatch will reset the PR MergeBase - and it is possible for TestPatch to update the MergeBase whilst a merge is ongoing. The ensuing merge will then complete but it doesn't re-set the MergeBase it used to merge the PR.

Fixes the intermittent error in git test.

Signed-off-by: Andrew Thornton art27@cantab.net
c680eb2cc7
Links in markdown should be absolute to the repository not the server () 
* Links in markdown should be absolute to the repository not the server

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* match github

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add testcase

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
1fc1d60517
Fix delete nonexist oauth application 500 and prevent deadlock () 
* Fix delete nonexist oauth application 500

* Fix test

* Close the session

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update integrations/api_oauth2_apps_test.go

* Fix more missed sess.Close

* Remove unnecessary blank line

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
d848098f60
Enforce tab indentation in templates () 
* Enforce tab indendation in templates

This adds editorconfig-checker [1] to lint the template files so they
conform the editorconfig files. I fixed all current identation issues
using the fix mode of eclint [2] and some manual corrections.

We can extend this linting to other files later, for now I'd like this
PR to focus on HTML template files only.

[1] https://github.com/editorconfig-checker/editorconfig-checker
[2] https://github.com/jedmao/eclint

* fix indendation

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
18efe9a023
Changelog v1.14.0 () () 
* Changelog v1.14.0 ()

* clean & merge & update v1.14.0 changelog

* backport v1.13.x changelogs

* update latest gitea version
63411309fb
add some reponse status on api docs () 
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
8171478d1d
Standardise icon on projects PR page () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
6d2866f20c
dump: Add option to skip LFS/attachment files () 
* Add option to skip dumping LFS/attachment files

* Fix fmt issues

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
a35a5b225c
Add ETag header () 
* Add ETag header.

* Comply with RFC 7232.

* Moved logic into httpcache.go

* Changed name.

* Lint

* Implemented If-None-Match list.

* Fixed missing header on *

* Removed weak etag support.

* Removed * support.

* Added unit test.

* Lint

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
26e16e4ee4
docs: rm deprecated docs regarding environment variable usage in docker image () 
* docs: rm deprecated docs regarding environment variable usage in docker image

* Update docs/content/doc/installation/with-docker.en-us.md

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
51313fbb63
Clone panel fixes () 
- Use <button> over <div> for a button
- Fix absent border-right on wiki
- Fix absent border-radius on wiki

Co-authored-by: 6543 <6543@obermui.de>
27f9bda769
Prevent NPE on avatar direct rendering if federated avatars disabled () 
 assumed that direct avatar urls would always be libravatar urls - this leads
to NPEs if federated avatar service is disabled.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
bf3e584de2
Fix repository search () 
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
cd79fbf94a
v172 migration adds created_unix field instead of expiry () 
The Session table must have an Expiry field not a created_unix field - somehow
this migration adds the incorrect named field leading to  reports.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
55eb1745bd
OAuth2 auto-register () 
* Refactored handleOAuth2SignIn in routers/user/auth.go

The function handleOAuth2SignIn was called twice but some code path could only
be reached by one of the invocations. Moved the unnecessary code path out of
handleOAuth2SignIn.


* Refactored user creation

There was common code to create a user and display the correct error message.
And after the creation the only user should be an admin and if enabled a
confirmation email should be sent. This common code is now abstracted into
two functions and a helper function to call both.

* Added auto-register for OAuth2 users

If enabled new OAuth2 users will be registered with their OAuth2 details.
The UserID, Name and Email fields from the gothUser are used.
Therefore the OpenID Connect provider needs additional scopes to return
the coresponding claims.

* Added error for missing fields in OAuth2 response

* Linking and auto linking on oauth2 registration

* Set default username source to nickname

* Add automatic oauth2 scopes for github and google

* Add hint to change the openid connect scopes if fields are missing

* Extend info about auto linking security risk

Co-authored-by: Viktor Kuzmin <kvaster@gmail.com>
Signed-off-by: Martin Michaelis <code@mgjm.de>
8e2a8efd84
Prevent superfluous response.WriteHeader () 
This PR simply checks the status before writing the header.

Signed-off-by: Andrew Thornton <art27@cantab.net>
1ee776970a
Fix ambiguous argument error on tags () 
There is a weird gotcha with GetTagCommitID that because it uses git rev-list
can cause an ambiguous argument error.

This PR simply makes tags use the same code as branches.

Signed-off-by: Andrew Thornton <art27@cantab.net>
08ba895c2b
fix wrong file link in code search page () 
in previous the grenrated link is
``testg/testrepo/src/commit/....``
which is not right.

the right version is ``/testg/testrepo/.......``
(start wiht ``/``)
or ``http://127.0.0.1:3000/xxxxx`` (full link)

to make it hase same result with explore page
I choose the secound style.

fix 

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: 6543 <6543@obermui.de>
078df7a392
quick fix () 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
1426601cf7
Use index of the supported tags to choose user lang () 
Fix .

The previous implementation used the first return value of matcher.Match, which is the chosen language tag but may contain extensions such as de-DE-u-rg-chzzzz.

As mentioned in the documentation of language package, matcher.Match also returns the index of the supported tags, so I think it is better to use it rather than manipulate the returned language tag.
61bae620c1
Build go-git variants for windows () 
It appears that there are significant performance problems with the pure git backend
on windows.

Therefore until we can sort this out - provide go-git backend builds.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
f7830041f4
Make build scripts compatible with node 12 () 
* Make build scripts compatible with node 12

"fs/promises" is not in node 12, use a more compatible way to import it.
Also, lock major down versions of the image build dependencies to
prevent future surprises.

* add node_modules dependency
217b5c150f
Query the DB for the hash before inserting in to email_hash () 
Some postgres users have logging which logs even failed transactions. So
just query the db before trying to insert.

Fix 

Signed-off-by: Andrew Thornton art27@cantab.net
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
f44543a1bb
Disable Stars config option () 
* Add config option to disable stars

* Replace "stars" with watched in user profile

* Add documentation
92c09a90f7
Fix bug clone wiki () 
Fix 

Co-authored-by: Lauris BH <lauris@nix.lv>
953f39822b
Fix: npx webpack make: *** [Makefile:699: public/js/index.js] Error -… () 
* Fix: npx webpack make: *** [Makefile:699: public/js/index.js] Error -1073741819

* Update webpack.config.js

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
6a7090b41d
Fix missing icons and colorpicker when mounted on suburl () 
* Fix missing icons and colorpicker when mounted on suburl

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per silverwind

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
024ef3940f
add well-known config for OIDC () 
* add well-known config for OIDC

* spacing per feedback

* Update oidc_wellknown.tmpl

* add id_token

* Update oidc_wellknown.tmpl

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
c29e85228f
frontport: 1.14.1 changelog () 
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
a67861b4dc
Fix Benchmark tests, remove a broken one & add two new () 
* Benchmark Integration TESTS

* CI: add benching-arm64 pipeline

* BenchmarkRepo: name test case tests

* Fix BenchmarkRepoBranchCommit beside Create new Branch

* CI: benching use amd64

* rm total broken "BenchmarkRepo"

* dont run benchmark in CI
c29620c05f
Add tests for clone from wiki () 
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
324cff68c9
Send size to /avatars if requested () 
If an avatar is requested in a particular size ensure that /avatars also gets the size request

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
b1e138511b
Prevent migration 156 failure if tag commit missing () 
It is possible that tag commits could be deleted or missing from repos. This causes
migration 156 to fail and breaks upgrade.

This PR simply logs the failure.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
9d99f6ab19
Refactor renders () 
* Refactor renders

* Some performance optimization

* Fix comment

* Transform reader

* Fix csv test

* Fix test

* Fix tests

* Improve optimaziation

* Fix test

* Fix test

* Detect file encoding with reader

* Improve optimaziation

* reduce memory usage

* improve code

* fix build

* Fix test

* Fix for go1.15

* Fix render

* Fix comment

* Fix lint

* Fix test

* Don't use NormalEOF when unnecessary

* revert change on util.go

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* rename function

* Take NormalEOF back

Co-authored-by: zeripath <art27@cantab.net>
2242f381e6
Added OpenAPI document link to usage () 
* Added OpenAPI document link to usage

The OpenAPI document at /api/swagger.v1.json needs an obvious reference.  Sadly, I am English monolingual, so someone else is going to have to do the other languages.  In the mean time, this PR should help anyone looking for the file.

* Update docs/content/doc/developers/api-usage.en-us.md

Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
5e85cdad29
Project board improvements () 
* Project board improvements

- Fix link colors
- Extract CSS to own file
- Various minor tweaks to make it look better

Fixes: https://github.com/go-gitea/gitea/issues/15424
Fixes: https://github.com/go-gitea/gitea/issues/15506
Fixes: https://github.com/go-gitea/gitea/pull/15511

* fix squashed cards on small view area

* more css fixes, add second row from issue list

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2255afffad
Fix lfs management find () 
Fix 

* Do not do 40byte conversion within ParseTreeLine
* Missed a to40ByteSHA

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
1cd8d0ca0e
Fix NPE on view commit with notes () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
df416f2414
Add placeholder text to deploy key textarea () 
* Add placeholder text to deploy key textarea

Related 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update templates/repo/settings/deploy_keys.tmpl

* Update templates/repo/settings/deploy_keys.tmpl
f719ffc783
If the default branch is not present do not report error on stats indexing () 
* If the default branch is not present do not report error on stats indexing

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
445e47b692
Bump unrolled/render to v1.1.0 () 
v1.1.0 has improved buffer pooling
d6a33cef23
If the default branch is not present do not report error on stats indexing (follow-up of ) () 
 doesn't completely fix this problem because the error returned is an ObjectNotExist
error not a BranchNotExist error.

Add test for ErrObjectNotExist too

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
8ea1d32bea
[Vendor] update certmagic () 
* update github.com/caddyserver/certmagic v0.12.0 -> v0.13.0

* migrate
834fc74873
Raw file view tweaks () 
- Limit SVG images to 600px width
- Adjust size of view toggle buttons to match other buttons
- Make Edit/Delete buttons easier to click

Had to create a separate CSS file because the less parser can not parse
CSS4 case-insensitive attribute selectors which are widely supported by
browsers.

Fixes: https://github.com/go-gitea/gitea/issues/15515
792b4dba2c
[Vendor] Update directly used dependencys () 
* update github.com/blevesearch/bleve v2.0.2 -> v2.0.3

* github.com/denisenkom/go-mssqldb v0.9.0 -> v0.10.0

* github.com/editorconfig/editorconfig-core-go v2.4.1 -> v2.4.2

* github.com/go-chi/cors v1.1.1 -> v1.2.0

* github.com/go-git/go-billy v5.0.0 -> v5.1.0

* github.com/go-git/go-git v5.2.0 -> v5.3.0

* github.com/go-ldap/ldap v3.2.4 -> v3.3.0

* github.com/go-redis/redis v8.6.0 -> v8.8.2

* github.com/go-sql-driver/mysql v1.5.0 -> v1.6.0

* github.com/go-swagger/go-swagger v0.26.1 -> v0.27.0

* github.com/lib/pq v1.9.0 -> v1.10.1

* github.com/mattn/go-sqlite3 v1.14.6 -> v1.14.7

* github.com/go-testfixtures/testfixtures v3.5.0 -> v3.6.0

* github.com/issue9/identicon v1.0.1 -> v1.2.0

* github.com/klauspost/compress v1.11.8 -> v1.12.1

* github.com/mgechev/revive v1.0.3 -> v1.0.6

* github.com/microcosm-cc/bluemonday v1.0.7 -> v1.0.8

* github.com/niklasfasching/go-org v1.4.0 -> v1.5.0

* github.com/olivere/elastic v7.0.22 -> v7.0.24

* github.com/pelletier/go-toml v1.8.1 -> v1.9.0

* github.com/prometheus/client_golang v1.9.0 -> v1.10.0

* github.com/xanzy/go-gitlab v0.44.0 -> v0.48.0

* github.com/yuin/goldmark v1.3.3 -> v1.3.5

* github.com/6543/go-version v1.2.4 -> v1.3.1

* do github.com/lib/pq v1.10.0 -> v1.10.1 again ...
bee8ce342f
Fix go-fuzz () 
* Fix go-fuzz

followup of https://github.com/go-gitea/gitea/pull/15175

* simplify

* enhance
ea40eb749b
Resolve panic on failed interface conversion in migration v156 () 
go panics otherwise with `panic: interface conversion: error is git.ErrNotExist, not *git.ErrNotExist`, thanks to Codeberg/Andi for reporting this.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
ec69f34726
Update JS dependencies () 
* Update JS dependencies

- Update all JS dependencies
- Regenerate SVGs
- Remove unused postcss dependency
- Remove removed webpack option

* re-add postcss

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
6ea6e2b4eb
Update config-cheat-sheet.en-us.md () 
Add more guide about `PROVIDER_CONFIG` when `PROVIDER` is `db` (https://github.com/go-gitea/gitea/issues/14016)
3d5bb3e6a3
fix webhook timeout bug () 
* Also fix the potential problem in httplib
b07938be5b
Fix commit graph author link () 
The author link on the commit graph is incorrect and isn't providing a link to the author.

Signed-off-by: Andrew Thornton <art27@cantab.net>
f31443d6a8
not update updated uinx for `git gc` () 
fix 

Signed-off-by: a1012112796 <1012112796@qq.com>
cc7d118b12
Remove x-ua-compatible header () 
The header is deprecated since IE 11 so it only serves to support IE 10
and below which are browsers which are long unsupported now.
1e877613bf
add `/assets` as root dir of public files () 
* add `/assets` as root dir of public files

Signed-off-by: a1012112796 <1012112796@qq.com>

* move serviceworker.js

* make fmt

* fix some link

* fix test

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2c57352a30
Remove spurious set name from eventsource.sharedworker.js () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
f67e36097a
fix(settings): misaligned buttons () 
Co-authored-by: 6543 <6543@obermui.de>
d576126286
Remove random password in Dockerfiles () 
* Remove random password of git user in dockerfile

* Disable git user account in rootless dockerfile
2e85165349
Delete protected branch if repository gets removed () 
* Added missing error parameters.

* Delete protected branch if repository gets removed.

* Added doctor fix.
1456978246
Added missing prefix on install route. () 
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
f5eb33c354
Fix orphaned objects deletion bug () 
* Fix orphaned objects deletion bug

* extend test

Co-authored-by: 6543 <6543@obermui.de>
ee3fb92419
Delete references if repository gets deleted () 
* Remove DeletedBranch and LFSLocks.

* Sort beans.

Co-authored-by: zeripath <art27@cantab.net>
7670c1c99e
Fixed several activation bugs () 
* Removed unneeded form tag.

* Fixed typo.

* Fixed NPE.

* Use better error page.

* Splitted GET and POST.
ae6d7860be
add cron job to delete old actions from database () 
that's a way to save database storage space.

Signed-off-by: a1012112796 <1012112796@qq.com>
a64cdfd4fd
Markdown CSS tweaks () 
Update Markdown CSS to more closely match GH rendering. Changes include
better nested list margins and tweaked font sizes.

Co-authored-by: Lauris BH <lauris@nix.lv>
a926ff919d
Performance improvement for last commit cache and show-ref () 
* Improve performance when there are multiple commits in the last commit cache

* read refs directly if we can

Signed-off-by: Andrew Thornton <art27@cantab.net>
6ebd833780
Fix DB session cleanup () 
The DB session clean up needs to check expiry not created_unix.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
0590176a23
Only use boost workers for leveldb shadow queues () 
* The leveldb shadow queue of a persistable channel queue should always start with 0
workers and just use boost to add additional workers if necessary.

* create a zero boost so that if there are no workers in a pool - boost to start the workers

* actually set timeout appropriately on boosted workers

Signed-off-by: Andrew Thornton <art27@cantab.net>
8c8471e754
Addition to (Add Location, Website and Description to API ) () 
* Use same name as other structs.

* Sync with normal forms.

* Edit description with API.

* Workaround for nil value.
5c5cfd6b18
Improve Light Chroma style () 
* Improve Light Chroma style

* Light Chroma style: avoid close colors

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
d11b9fbcce
Prevent race in TestChannelQueue_Batch () 
There is a potential race in TestChannelQueue_Batch due to boost workers starting up

This PR simply removes the boosts from this test.

Signed-off-by: Andrew Thornton <art27@cantab.net>
1b017fe7ca
Fix setting redis db path () 
There is a bug setting the redis db in the common nosql manager whereby the db path
always fails.

This PR fixes this.

Signed-off-by: Andrew Thornton <art27@cantab.net>
5e047b9bd7
Add compare tag dropdown to releases page () 
* Add compare tag dropdown to releases page

* Change defaults to be more intuitive and remove unneeded option

* Fix to select branch on releases page

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
34b21625c2
Display specific message if diff is not displayed because of too long line () 
* 7184-  message if line too long

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* add flag on missing cases

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Andrew Thornton <art27@cantab.net>
21465a2ce3
Fix webkit calendar icon color on arc-green () 
Co-authored-by: zeripath <art27@cantab.net>
47fd156936
Use route rather than use thus reducing the number of stack frames () 
Since the move to Chi the number of stack frames has proliferated somewhat catastrophically and we're up to 96 frames with multiple tests of the url outside of a trie which is inefficient.

This PR reduces the number of stack frames by 6 through careful use of Route, moves Captcha into its own router so that it only fires on Captcha routes, similarly for avatars and repo-avatars.

The robots.txt, / and apple-touch-icon.png are moved out of requiring Contexter.

It moves access logger higher in the stack frame because there is no reason why it can't be higher.

Extract from 
Contains
2bd5408e5f
MySQL 5 FAQ () 
* MySQL 5

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Wording
eed88dc34d
Fix broken avatars since () 
There was a missing * from the avatars routes in .

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
a961335dc7
Issue list alignment tweaks () 
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
da41714c50
Add caret styling CSS () 
* Add caret styling CSS

Fixes: https://github.com/go-gitea/gitea/issues/15644

* add rule in arc-green as well

* grammar

* Update web_src/less/themes/theme-arc-green.less

Co-authored-by: Wim <wim@42.be>

* remove extra rule

* add comment

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Wim <wim@42.be>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
e071b53686
Fix close button change on delete in simplemde area () 
* Fix close button change on delete in simplemde area

Fix issue with close button changing when deleting in the simplemde textarea.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* apply suggestion

Co-authored-by: 6543 <6543@obermui.de>
eedc0c8324
Defer closing the gitrepo until the end of the wrapped context functions () 
There was a mistake in  where deferral of gitrepo close occurs before it should.

This PR fixes this.

Signed-off-by: Andrew Thornton <art27@cantab.net>
3088866531
fix some ui bug about draft release () 
* fix some ui bug about draft release

- should not show draft release in tag list because
  it will't create real tag
- still show draft release without tag and commit message
  for draft release instead of 404 error
- remove tag load for attachement links because it's useless

Signed-off-by: a1012112796 <1012112796@qq.com>

* add test code

* fix test

That's because has added a new release in relaese test database.

* fix dropdown link for draft release
6a3ad0b24e
reverse partial and comment () 
* reverse & comment

* Update templates/repo/graph/commits.tmpl

Co-authored-by: 6543 <6543@obermui.de>

Co-authored-by: zeripath <art27@cantab.net>
45970ae82e
Feature/oauth userinfo () 
* Implemented userinfo 

* Make lint happy

* Add userinfo endpoint to openid-configuration

* Give an error when uid equals 0

* Implemented BearerTokenErrorCode handling

* instead of ctx.error use ctx.json so that clients
parse error and error_description correctly

* Removed unneeded if statement

* Use switch instead of subsequent if statements
Have a default for unknown errorcodes.

Co-authored-by: Nils Hillmann <hillmann@nlh-software.de>
Co-authored-by: nlhsoftware <nlhsoftware@noreply.localhost>
edb838997c
Fix setting version table in dump () 
* Fix setting version table in dump

As noted on Discord there is a problem with gitea dump where the version table
is not being dumped correctly.

This is due to a missing pointer in the TableInfo.

This PR fixes this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update models_test.go
114c85e6ef
Fix bug where repositories appear unadopted () 
Fix bug where repositories with capital letters in their names appear unadopted.

Fix 

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
9b5185d3cc
Improve logo customization docs () 
* Improve logo customization docs

* Update docs/content/doc/advanced/customizing-gitea.en-us.md

* Update docs/content/doc/advanced/customizing-gitea.en-us.md

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
640066840e
Use a generic markup class to display externally rendered files and diffs () 
* creates and implements generic markup less class

* How to give custom CSS to externally rendered html

* Clarifies sources of CSS styling of markup

* further clarification of sources of markup styling

* rename _markdown to _markup

* remove defunct import

* fix orphaned reference

* Update docs/content/doc/advanced/external-renderers.en-us.md

* more renames markdown -> markup

* do not suggest less customization

* add back tokens

* fix class whitespace, remove useless if-clause

* remove unused csv-data rules

* use named exports and rename functions

* sort imports

Co-authored-by: HarvsG <11440490+HarvsG@users.noreply.github.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
bdc1697729
Drop back to use IsAnInteractiveSession for SVC () 
* Drop back to use IsAnInteractiveSession for SVC

There is an apparent permission change problem when using
IsWindowsService to determine if the SVC manager should be
used.

This PR simply drops back to using IsAnInteractiveSession as
this does not change behaviour.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Yes staticcheck I know this is deprecated

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Just leave me alone lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
c25813182c
not show `ref-in-new-issue` pop when issue was disabled () 
fix 

Signed-off-by: a1012112796 <1012112796@qq.com>
8f0539c235
Set GIT_DIR correctly if it is not set () 
* Set GIT_DIR correctly if it is not set

* Expand out templates

Signed-off-by: Andrew Thornton <art27@cantab.net>
a4c13229b7
Use pulls in commit graph unless pulls are disabled () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
4900881924
Use esbuild to minify CSS () 
It's about a 30% speedup in webpack build time with neglible differences
in the output size. We do lose the ability for CSS source maps, but I
rarely have a use for them anyways.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
9557b8603a
Add selecting tags on the compare page () 
* Add selecting tags on the compare page

* Remove unused condition and change indentation

* Fix tag tab in dropdown to be black

* Add compare tag integration test

Co-authored-by: Jonathan Tran <jon@allspice.io>
272bbb200d
Make let target "clean-all" remove node_modules folder too () 
* Make let target "clean-all" remove node_modules folder too
24ad131221
Rename StaticUrlPrefix to AssetUrlPrefix () 
Use a new name for this template/frontend variable to make it distinct
from the server variable StaticURLPrefix.
2a9b8d173a
Code comments improvements () 
- Right-align the Reply and Resolve buttons
- Center Resolved text and add some padding
- Add padding to inline comments
- Indent the comment content to align with author name
- Re-parent form to allow better button layout space.

Co-authored-by: zeripath <art27@cantab.net>
e22ee468cf
Exponential Backoff for ByteFIFO () 
This PR is another in the vein of queue improvements. It suggests an
exponential backoff for bytefifo queues to reduce the load from queue
polling. This will mostly be useful for redis queues.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
864e656d81
Display conflict-free merge messages for pull requests () 
Repositories using external issue tracker tend to use numeric issues in
commits. To prevent conflicts during issue reference parsing or inside
commit hooks, this change respects these configuration and uses the !
character to refer to pull requests in merge commit messages.

For repositories using squash merges, this was already handled.

Signed-off-by: JustusBunsi <61625851+justusbunsi@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
a69fb523a7
Ensure that ctx.Written is checked after issues(...) calls () 
Fix issue noted in 

Signed-off-by: Andrew Thornton <art27@cantab.net>
c3802dcc0f
Use binary version of revive linter () 
Use the common `go get` method to install and run the revive linter,
removing the useless build/lint.go and related vendor libraries.
a98c09d2ae
Changelog v1.14.2 () () 
* Changelog v1.14.2 ()

* changelog tool generate

* format & add

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
a229e34387
Allow only internal registration () 
* Add ALLOW_ONLY_INTERNAL_REGISTRATION into settings

* OpenID respect setting too
a2df265476
Add trace logging to SSO methods () 
It is currenly impossible to detect which "SSO" method is responsible for login. This
PR adds some basic trace logging to these methods.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2e0f315617
Respect default merge message syntax when parsing item references () 
* Respect merge message structure for parsing item references

Signed-off-by: JustusBunsi <61625851+justusbunsi@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
4a84022d25
Comment out app.example.ini () 
This PR is an alternative to .

Instead of deleting the app.example.ini - just comment out most of the
thing. This makes it clear what needs to be set and what is completely
optional - and keeps the documentation.

The app.example.ini is moved around to move the most important settings
higher in the document.

Close 

Signed-off-by: Andrew Thornton <art27@cantab.net>
038e1db4df
Return go-get info on subdirs () 
This PR is an alternative to  and makes the go get handler a
handler.

Fix 

Close 

Signed-off-by: Andrew Thornton <art27@cantab.net>
270aab429e
On open repository open common cat file batch and batch-check () 
Use common git cat-file --batch and git cat-file --batch-check to
significantly reduce calls to git.
    
Signed-off-by: Andrew Thornton <art27@cantab.net>
1e6fa57acb
Use single shared random string generation function () 
* Use single shared random string generation function

- Replace 3 functions that do the same with 1 shared one
- Use crypto/rand over math/rand for a stronger RNG
- Output only alphanumerical for URL compatibilty

Fixes: 

* use const string method

* Update modules/avatar/avatar.go

Co-authored-by: a1012112796 <1012112796@qq.com>

Co-authored-by: a1012112796 <1012112796@qq.com>
e5723d6556
Move restore repo to internal router and invoke from command to avoid open the same db file or queues files () 
* Move restore repo to internal router and invoke from command to avoid open the same db file or queues files

* Follow @zeripath's review

* set no timeout for resotre repo private request

* make restore repo cancelable
75d8297045
add note about ``cron.SCHEDULE`` format in document () 
* add note about ``cron.SCHEDULE`` format in document

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update custom/conf/app.example.ini

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
d37a89ed05
don't record error when request a non-exist user () 
* don't record error when request a non-exist user

* Update routers/repo/http.go

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2f65c6b2f0
Add err to log () 
Signed-off-by: jolheiser <john.olheiser@gmail.com>
d86d123322
Add mimetype mapping settings () 
* Fix APK's Content-Type header

* Fix case sensitive comparison

* Add custom mime type mapping for downloadable files

* Add documentation for MIME type mapping

* Rename download.mimetype.mapping configuration to repository.mimetype_mapping

Co-authored-by: zeripath <art27@cantab.net>
f8335444de
Add Active and ProhibitLogin to API () 
* Added active and prohibit_login.

* Do not omit fields for normal users.
fc6501e4e0
Set autocomplete off on branches selector () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
793e03244b
label size, PR ref, new PR button alignment () 
Co-authored-by: zeripath <art27@cantab.net>
aa65a607e4
Queue manager FlushAll can loop rapidly - add delay () 
* Queue manager FlushAll can loop rapidly - add delay

Add delay within FlushAll to prevent rapid loop when workers are busy

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
3d7d750a99
Fix individual tests (addition to ) () 
* Decouple TestAction_GetRepoLink and TestSizedAvatarLink.

* Load database for TestCheckGPGUserEmail.

* Load database for TestMakeIDsFromAPIAssigneesToAdd.

* Load database for TestGetUserIDsByNames and TestGetMaileableUsersByIDs.

* Load database for TestUser_ToUser.

* Load database for TestRepository_EditWikiPage.

* Include AppSubURL in test.

* Prevent panic with empty slice.

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2a565478d1
Tagger can be empty, as can Commit and Author - tolerate this () 
Unfortunately some old repositories can have tags with empty Tagger, Commit
or Author. Go-Git variants will always have empty values for these whereas
the native git variant leaves them at nil. The simplest solution is just to
always have these set to empty Signatures.

v156 migration also makes the incorrect assumption that these cannot be empty.
Therefore add some handling to this and add logging and adjust broken
logging elsewhere in this migration.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
dd81c29052
Reaction improvements () 
- Add some spacing to inline reactions
- Adjust colors and add variables
ec2addc0ed
Update README.md | Add translation section () 
* Update README.md

* chinese translation

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update README.md

* Update README.md

* Update README.md

Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
8ab815ae93
Unregister non-matching serviceworkers () 
* Unregister non-matching serviceworkers

With the addition of the /assets url, users who visited a previous
version of the site now may have two active service workers, one with
the old scope `/` and one with scope `/assets`. This check for
serviceworkers that do not match the current script path and unregisters
them.

Also included is a small refactor to publicpath.js which was simplified
because AssetUrlPrefix is always present now. Also it makes use of the
new joinPaths helper too.

Fixes: https://github.com/go-gitea/gitea/pull/15823
6a8e5f69cf
Fix bound address/port for caddy's certmagic library () 
* Fix bound address/port for caddy's certmagic library

* Fix bug

Co-authored-by: zeripath <art27@cantab.net>
27b29ffb22
fix truncate utf8 string () 
* fix truncate utf8 string.

* revoke truncated user info.
0ada74edbc
Only offer hostcertificates if they exist () 
A common bug report is the otherwise harmless sshd logging:

```
Could not load host certificate "/data/ssh/ssh_host_ed25519_cert": No such file or directory
```

This PR simply checks if these files exist before creation of sshd_config and if
they do not exist, doesn't add a reference to them.

Fix  amongst others.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
9545c345a8
Update JS dependencies, use Node 16 () 
- Update all JS dependencies to latest version
- Use Node 16 on CI
- Add new lint rules
- Add some gitignore entries for debug files

Co-authored-by: Lauris BH <lauris@nix.lv>
d234d37aa8
Restore PAM user autocreation functionality () 
* Restore PAM user autocreation functionality

PAM autoregistration of users currently fails due to email invalidity.
This PR adds a new setting to PAM to allow an email domain to be set
or just sets the email to the noreply address and if that fails falls
back to uuid@localhost

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* As per KN4CKER

Signed-off-by: Andrew Thornton <art27@cantab.net>
bbbe625343
Only write config in environment-to-ini if there are changes () 
* Only write config in environment-to-ini if there are changes

Only write the new config in environment-to-ini if there are changes or the
destination is not the same as the customconf.

Fix 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
418c5feded
Add information on how to rotate logging from outside container () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
44286e29f0
reverse proxy for IIS () 
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
05fb1f61d5
Add jest rootDir and test-frontend dependency () 
- Define jest rootDir to limit where it looks for test files
- Add missing dependency on test-frontend target so it can be ran from a
  clean checkout
2d87a84709
Stop calling WriteHeader in Write () 
Fixes http: superfluous response.WriteHeader call from code.gitea.io/gitea/modules/context.(*Response).WriteHeader (response.go:67)

* Looking again we don't need this writeHeader as all of our downstream
implementations will always do it for us

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
1a5659943e
Add timeout to writing to responses () 
In  it has become apparent that there are a few occasions when a response can
hang during writing, and because there is no timeout go will happily just block
interminably. This PR adds a fixed 5 second timeout to all writes to a connection.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
df72cf6211
Fix LFS commit finder not working () 
* Create a copy of the sha bytes.


Co-authored-by: Andrew Thornton <art27@cantab.net>
d0ea10b21f
Close the gitrepo when deleting the repository () 
Signed-off-by: Andrew Thornton <art27@cantab.net>
b6b8b194ca
Fix blame row height alignment () 
* fix blame row alignment on firefox

* fix blame row alignment in chrome

* fix blame row alignment in safari

as per @silverwind

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
ba526ceffe
Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc () 
* move shutdownfns, terminatefns and hammerfns out of separate goroutines

Coalesce the shutdownfns etc into a list of functions that get run at shutdown
rather then have them run at goroutines blocked on selects.

This may help reduce the background select/poll load in certain
configurations.

* The LevelDB queues can actually wait on empty instead of polling

Slight refactor to cause leveldb queues to wait on empty instead of polling.

* Shutdown the shadow level queue once it is empty

* Remove bytefifo additional goroutine for readToChan as it can just be run in run

* Remove additional removeWorkers goroutine for workers

* Simplify the AtShutdown and AtTerminate functions and add Channel Flusher

* Add shutdown flusher to CUQ

* move persistable channel shutdown stuff to Shutdown Fn

* Ensure that UPCQ has the correct config

* handle shutdown during the flushing

* reduce risk of race between zeroBoost and addWorkers

* prevent double shutdown

Signed-off-by: Andrew Thornton <art27@cantab.net>
17c5c654a5
Prevent double-login for Git HTTP and LFS and simplify login () 
* Prevent double-login for Git HTTP and LFS and simplify login

There are a number of inconsistencies with our current methods for
logging in for git and lfs. The first is that there is a double login
process. This is particularly evident in 1.13 where there are no less
than 4 hash checks for basic authentication due to the previous
IsPasswordSet behaviour.

This duplicated code had individual inconsistencies that were not
helpful and caused confusion.

This PR does the following:

* Remove the specific login code from the git and lfs handlers except
for the lfs special bearer token
* Simplify the meaning of DisableBasicAuthentication to allow Token and
Oauth2 sign-in.
* The removal of the specific code from git and lfs means that these
both now have the same login semantics and can - if not
DisableBasicAuthentication - login from external services. Further it
allows Oauth2 token authentication as per our standard mechanisms.
* The change in the recovery handler prevents the service from
re-attempting to login - primarily because this could easily cause a
further panic and it is wasteful.

* add test

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
f582ec4e53
Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username () 
* Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username

ReverseProxy users should generate a session on reverse proxy username change.

Also prevent ReverseProxy users from changing their username.

Fix 

* add testcase

Signed-off-by: Andrew Thornton <art27@cantab.net>
8e32eeb5de
Hold the event source when there are no listeners () 
* Hold the event source when there are no listeners

The event source does not need to run when there are no listeners. Therefore
pause it when there are none.

* add some more logging

Signed-off-by: Andrew Thornton <art27@cantab.net>
e0c93fed05
GitHub: migrate draft releases too () 
* GitHub: migrate draft releases too

* refactor
58646cab22
Move sans-serif fallback font higher than emoji fonts () 
The Tor browser does not use the system-ui font and no other fonts in the stack match
its default fonts. In fact it is possible that it will in future only
match generic fonts. This means that all rendering will first try the
emoji fonts before falling back to the sans-serif font for glyphs.

In this case has the emoji fall back fonts for Tor contains empty glyphs
for numbers - in order to protect privacy - and leads to numbers being
rendered as empty glyphs. This is clearly not ideal and whilst we could
use the Arimo font - as I state above I suspect that Tor will eventually
ban detecting this and we should instead move the sans-serif font higher
in the stack so that it matches before the emoji fonts.

Partial fix of 

Signed-off-by: Andrew Thornton <art27@cantab.net>
3a04d6f43f
Systemd needs After as well as Require () 
If the gitea service is stopped because of the db going down
it needs an `After=db.service` to ensure it is restarted in
addition to the `Requires=db.service` to ensure that the db
is started before gitea is started.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
c3aaf5eafd
Rework Token API comments () 
Move the token API discussion into a common section discussing the
generation and listing of the tokens.  Add a note on the display of
the sha1 during creation and listing.

Co-authored-by: Norwin <noerw@users.noreply.github.com>
a32bfd867d
Issue sidebar and misc css fixes () 
- Replace remaining font icons with SVG in issue sidebar
- Rework issue due date display
- Realign avatar in timeline
- Fix font size in repo search and code explore
- Consolidate active button styles
- Fix loading form on arc-green
- Align time tracker buttons vertically

Fixes: https://github.com/go-gitea/gitea/issues/15896
a137ee7a68
git migration: don't prompt interactively for clone credentials () 
* don't prompt interactively for clone credentials

* apply GIT_TERMINAL_PROMPT=0 to all git cmds

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
4c3e56da13
Use Wants= over Requires= in systemd file () 
`Requires=` has the behaviour of stopping `gitea.service` when the
database is stopped but not bringing it up again after the database is
started again. Use `Wants=` to define a weak requirement instead,
meaning `gitea.service` will be kept running when the database is
stopped, which is not an issue because gitea will just reconnect later
on.

Fixes: https://github.com/go-gitea/gitea/issues/15866

Co-authored-by: zeripath <art27@cantab.net>
3e068fcdcb
Fix typo in hacking-on-gitea.en-us.md () 
* continously -> continuously
* continous -> continuous
0e56e9c9d9
Restore token authentication for git http when 2FA active () 
There was a small regression in  whereby token auth
with 2FA active would be disallowed.

This PR fixes this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
370cfde35e
Fix and restyle menu on code line () 
* Fix and restyle menu on code line

* fix multiline and more tweaks

* move to separate files

* remove has-context-menu class

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
e542b416a7
api: fix overly strict edit pr permissions () 
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
c636ef8f1d
Disable legal comments in esbuild () 
We already serve licenses.txt so we don't need these inline comments
preserved during esbuild minification. Saves around 4kB before gzip.
17be645498
Encrypt LDAP bind password in db with SECRET_KEY () 
* Encrypt LDAP bind password in db with SECRET_KEY

The LDAP source bind password are currently stored in plaintext in the db
This PR simply encrypts them with the setting.SECRET_KEY.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* remove ui warning regarding unencrypted password

Co-authored-by: silverwind <me@silverwind.io>
90eeb6363c
Fix layout of milestone view () 
fix 

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
d6d2444f2a
Add curl to rootless docker image () 
Signed-off-by: JustusBunsi <61625851+justusbunsi@users.noreply.github.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
fec8324026
add a new internal hook to save ssh log () 
* add a new internal hook to save ssh log

as title, when a ssh error ocure like .
only when switch ``RUN_MODE`` to dev can we
found which error is ocure. But this way is
not a good idea for production envirment.

this changes try save ssh error mesage to the
log file like other log by a new internal hook.
I think it's usefull for find error message
in production envirment. Thanks.

Signed-off-by: a1012112796 <1012112796@qq.com>

* rename and fix nit

* Update modules/private/hook.go

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
d957a1569a
Bump `postgres` and `mysql` versions () 
* bump postgres and mysql DB versions

* posgres test against v10

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
be745be0a4
Double the avatar size factor () 
* Double the avatar size factor

This results on finer Avatar rendering on Hi-DPI display.

* fix test

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
77fa7146c6
Add email headers () 
* Added additional email headers.

* Added tests.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
308b562b3c
Remove remaining fontawesome usage in templates () 
Can not remove the dependency yet because easymde depends on it.
b4d10598c9
Remove fomantic accordion module () 
Replace it with native <detail> element. Did some slight restyling on
the release downloads, new behaviour should be exactly the same
otherwise.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
6021fbfe7a
Make tasklist checkboxes clickable () 
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
3aaf64885f
Change default queue settings to be low go-routines () 
This PR suggests a change to the default configuration for queues:

* Use a common DATADIR for the queues
* Set starting workers to 0 and make boost a single worker

Signed-off-by: Andrew Thornton <art27@cantab.net>
5285a3e70e
Add possibility to make branch in branch page () 
* Add possibility to make branch in branch page ()

Add possibility to make branch in branch page
in the area next to Download and Delete buttons.
It is a more intuitive place in the interface
compared to what is already there.

Signed-off-by: Viktor Yakovchuk <viktor@yakovchuk.net>

* Update templates/repo/branch/list.tmpl

Co-authored-by: zeripath <art27@cantab.net>
d5f20104da
Remove branch URL before IssueRefURL () 
Revert change for account / org dashboard where IssueRefURLs do not
contain the full repo URL (case RepoLink is not true)

Co-authored-by: Norwin <noerw@users.noreply.github.com>

Remove trailing whitespace from PR review
c1a80b7d6a
Use filepath.ToSlash and Join in indexer defaults and queues () 
As revealed by  there is inconsistent use of filepath Join and path Join
for these directories. The best thing to do is to use filepath.Join but then ToSlash
them for consistency.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
d1dbbf43b0
not show link to migration on repo reate page when it was disabled () 
* not show link to migration on repo reate page when it was disabled

Signed-off-by: a1012112796 <1012112796@qq.com>

* fix lint

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
6d39053711
Fix setting of SameSite on cookies () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
b27a9d43a5
add permission check for ``GenerateRepository`` () 
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
6d6a65cf5c
Allow Token/Basic auth on raw paths () 
It appears that people have been using token authentication to navigate to raw paths
and recent changes have broken this. Whilst ideally these paths would not be being used
like this - it was not the intention to be a breaking change.

This PR restores access to these paths.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
c9480c5f60
Add links to toggle WIP status () 
* Add links to toggle PR WIP status

* Allow PR author to toggle WIP status

* refactors and restyling, remove links from translations

Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: silverwind <me@silverwind.io>
a5d8f58341
Update queue workers for v1.15 () 
* Update queue workers for v1.15

* update app.example.ini

* update re queue path

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
efe77eec85
Unified custom config creation () 
* Unified custom config creation.

* Fixed log message.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
a9daebca22
Fix get tag when migration () 
Co-authored-by: zeripath <art27@cantab.net>
effad26c0e
Improve assets handler middleware () 
* Use route to serve assets but not middleware

* Fix build error with bindata tag

* convert path to absolute

* fix build

* reduce function stack

* Add tests for assets

* Remove test for assets because they are not generated

* Use a http function to serve assets

* Still use middleware to serve assets then less middleware stack for assets

* Move serveContent to original position

* remove unnecessary blank line change

* Fix bug for /assets* requests

* clean code

Co-authored-by: zeripath <art27@cantab.net>
36dce0e457
Close the dataRC reader sooner () 
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
37205039fc
Replace clipboard.js with async clipboard api () 
Use async clipboard api [1] over this dependency, saving around 10kB
bundle size before minify while delivering the same functionality.

The issue comment button works but does not have a popup indication. We
could add some toast-style notifications in the future to fix that but I
think it's out of scope of this PR.

[1] https://developer.mozilla.org/en-US/docs/Web/API/Clipboard/writeText
3183a465d7
Make modules/context.Context a context.Context () 
* Make modules/context.Context a context.Context

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Simplify context calls

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Set the base context for requests to the HammerContext

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
256b1a3561
Fix bug in reverse proxy () 
Unfortunately go panics you try to cast a nil interface{} as another primitive
therefore you need to check interfaces are not nil before casting.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
cb940c4312
Encrypt migration credentials at rest () 
* encrypt migration credentials in task persistence

Not sure this is the best approach, we could encrypt the entire
`PayloadContent` instead. Also instead of clearing individual fields in
payload content, we could just delete the task once it has
(successfully) finished..?

* remove credentials of past migrations

* only run DB migration for completed tasks

* fix binding

* add omitempty

* never serialize unencrypted credentials

* fix import order

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
7a484c0788
Hide mirror passwords on repo settings page () 
This PR simply hides mirror passwords from being displayed on the repo settings page.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
cbf30830d2
Add missing SameSite settings for the i_like_gitea cookie () 
The i_like_gitea cookie appears to be missing the SameSite settings. I think they
were present at some point but may have been removed in a merge.

This PR ensures that they are set.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
5de01e21a1
Make sshd_config more flexible regarding connections () 
* Make sshd_config more flexible regarding
MaxStartups and MaxSessions.

See https://man.openbsd.org/sshd_config
for more information.

* make property prefix equals
other existing Gitea SSH properties.

Co-authored-by: dlouzado <dlouzado@senado.leg.br>
072df3ff87
update ``.raw-content`` when edit issue/comment content () 
* update ``.raw-content`` when edit issue/comment content

fix 

Signed-off-by: a1012112796 <1012112796@qq.com>

* handle empty content

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
7081046b5f
Fix language switch for install page () 
Signed-off-by: a1012112796 <1012112796@qq.com>
8947422781
Fix bug due to missing MaxStartups and MaxSessions () 
Unforunately  makes these settings mandatory. This PR uses the same technique
as used for the certificates to make these settings non-mandatory.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
9fdda90085
Fix case change in ownernames () 
If you change the case of a username the change needs to be propagated to their
repositories.

Signed-off-by: Andrew Thornton <art27@cantab.net>
8e262104c2
Add Image Diff for SVG files () 
* Added type sniffer.

* Switched content detection from base to typesniffer.

* Added GuessContentType to Blob.

* Moved image info logic to client.
Added support for SVG images in diff.

* Restore old blocked svg behaviour.

* Added missing image formats.

* Execute image diff only when container is visible.

* add margin to spinner

* improve BIN tag on image diffs

* Default to render view.

* Show image diff on incomplete diff.

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
b77c62d950
Fix typo and add TODO notice () 
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
fe18a85f54
Fix panic () 
There is an incorrect casting in the wrapped queue.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
683cfe39ef
Change default TMPDIR path in rootless containers () 
Signed-off-by: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com>
ee5e1c4a88
Rewrite of the LFS server () 
* Restructured code. Moved static checks out of loop.

* Restructured batch api. Add support for individual errors.

* Let router decide if LFS is enabled.

* Renamed methods.

* Return correct status from verify handler.

* Unified media type check in router.

* Changed error code according to spec.

* Moved checks into router.

* Removed invalid v1 api methods.

* Unified methods.

* Display better error messages.

* Added size parameter. Create meta object on upload.

* Use object error on invalid size.

* Skip upload if object exists.

* Moved methods.

* Suppress fields in response.

* Changed error on accept.

* Added tests.

* Use ErrorResponse object.

* Test against message property.

* Add support for the old invalid lfs client.

* Fixed the check because MinIO wraps the error.

* Use individual repositories.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
b6762e2306
Fix regression of renderer () 
* Fix regression of renderer

* Fix render setting load twice bug
51775f65bc
Make commit info cancelable () 
* Make modules/context.Context a context.Context

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Simplify context calls

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Set the base context for requests to the HammerContext

Signed-off-by: Andrew Thornton <art27@cantab.net>

* pass context into get-last-commit

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Make commit_info cancellable

Signed-off-by: Andrew Thornton <art27@cantab.net>

* use context as context

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
0909695204
Merge all deleteBranch as one function and also fix bug when delete branch don't close related PRs () 
* Fix bug when delete branch don't close related PRs

* Merge all deletebranch as one method

* Add missed branch.go

* fix comment

Co-authored-by: Lauris BH <lauris@nix.lv>
21cde5c439
Fix data URI scramble () 
* Removed unused method.

* No prefix for data uris.

* Added test to prevent regressions.
b9d611e917
Always store primary email address into email_address table and also the state () 
* Always store primary email address into email_address table and also the state

* Add lower_email to not convert email to lower as what's added

* Fix fixture

* Fix tests

* Use BeforeInsert to save lower email

* Fix v180 migration

* fix tests

* Fix test

* Remove wrong submited codes

* Fix test

* Fix test

* Fix test

* Add test for v181 migration

* remove change user's email to lower

* Revert change on user's email column

* Fix lower email

* Fix test

* Fix test
44f8c812ec
Fix `doctor --run check-db-consistency --fix` with label fix () 
* Add doctor for wrong label and issue_label data

* Fix labels and issue labels check

* Remove unnecessary functions
e03a91a48e
Remove spurious AppSubUrl in serviceworker request. () 
There is another spurious AppSubUrl placement in the serviceworker registration.
This PR removes it.

Signed-off-by: Andrew Thornton <art27@cantab.net>
1bfb0a24d8
Refactor routers directory () 
* refactor routers directory

* move func used for web and api to common

* make corsHandler a function to prohibit side efects

* rm unused func

Co-authored-by: 6543 <6543@obermui.de>
da057996d5
Fix http path bug () 
* Fix http path bug

* Add missed request

* add tests

Co-authored-by: 6543 <6543@obermui.de>
fb3ffeb18d
Add sso.Group, context.Auth, context.APIAuth to allow auth special routes () 
* Add sso.Group, context.Auth, context.APIAuth to allow auth special routes

* Remove unnecessary check

* Rename sso -> auth

* remove unused method of Auth interface
5fef041079
Remove unnecessary goroutine () 
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
179c727b4f
Fix bug on getIssueIDsByRepoID () 
* Fix bug on getIssueIDsByRepoID

* Add test
86e2789960
Vendor Update () 
* update github.com/PuerkitoBio/goquery

* update github.com/alecthomas/chroma

* update github.com/blevesearch/bleve/v2

* update github.com/caddyserver/certmagic

* update github.com/go-enry/go-enry/v2

* update github.com/go-git/go-billy/v5

* update github.com/go-git/go-git/v5

* update github.com/go-redis/redis/v8

* update github.com/go-testfixtures/testfixtures/v3

* update github.com/jaytaylor/html2text

* update github.com/json-iterator/go

* update github.com/klauspost/compress

* update github.com/markbates/goth

* update github.com/mattn/go-isatty

* update github.com/mholt/archiver/v3

* update github.com/microcosm-cc/bluemonday

* update github.com/minio/minio-go/v7

* update github.com/prometheus/client_golang

* update github.com/unrolled/render

* update github.com/xanzy/go-gitlab

* update github.com/yuin/goldmark

* update github.com/yuin/goldmark-highlighting

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
daa5a23548
Set self-adjusting deadline for connection writing () 
* Set self-adjusting deadline for connection writing

In  it appears that the simple 5s deadline doesn't work for large
file writes. Now we can't - or at least shouldn't just set no deadline
as go will happily let these connections block indefinitely. However,
what seems reasonable is to set some minimum rate we expect for writing.

This PR suggests the following algorithm:

* Every write has a minimum timeout of 5s (adjustable at compile time.)
* If there has been a previous write - then consider its previous
deadline, add half of the minimum timeout + 2s per kb about to written.
* If that new deadline is after the minimum timeout use that.

Fix 

* Linearly increase timeout

* Make PerWriteTimeout, PerWritePerKbTimeouts configurable

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
b5f5eab913
Removable media support () 
Add support removable media for snap version of gitia.
for get more info about removable media interface see the snapcraft [documentation](https://snapcraft.io/docs/removable-media-interface)
a005265718
small refactor for retry downloader () 
Signed-off-by: a1012112796 <1012112796@qq.com>
0393a57511
Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index () 
* Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index

* Fix pull index

* Add tests for concurrent creating issues

* Fix lint

* Fix tests

* Fix postgres test

* Add test for migration v180

* Rename wrong test file name

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2b39357443
Fixed sanitize errors. () 
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
1295e750b4
Add OpenID claims "profile" and "email". () 
* Added OpenID claims "profile" and "email".

* Splitted error.

* Added scopes_supported and claims_supported.

* Added more metadata.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
5d113bdd19
Improve performance of dashboard list orgs () 
* Improve performance of dashboard list orgs

* Fix wrong error description

* unexport queryUserOrgIDs method

* SimpleOrg -> MinimalOrg

* .

Co-authored-by: 6543 <6543@obermui.de>
440039c0cc
Add push to remote mirror repository () 
* Added push mirror model.

* Integrated push mirror into queue.

* Moved methods into own file.

* Added basic implementation.

* Mirror wiki too.

* Removed duplicated method.

* Get url for different remotes.

* Added migration.

* Unified remote url access.

* Add/Remove push mirror remotes.

* Prevent hangs with missing credentials.

* Moved code between files.

* Changed sanitizer interface.

* Added push mirror backend methods.

* Only update the mirror remote.

* Limit refs on push.

* Added UI part.

* Added missing table.

* Delete mirror if repository gets removed.

* Changed signature. Handle object errors.

* Added upload method.

* Added "upload" unit tests.

* Added transfer adapter unit tests.

* Send correct headers.

* Added pushing of LFS objects.

* Added more logging.

* Simpler body handling.

* Process files in batches to reduce HTTP calls.

* Added created timestamp.

* Fixed invalid column name.

* Changed name to prevent xorm auto setting.

* Remove table header im empty.

* Strip exit code from error message.

* Added docs page about mirroring.

* Fixed date.

* Fixed merge errors.

* Moved test to integrations.

* Added push mirror test.

* Added test.
f374789fe2
Fix private repo permission problem () 
* Change user access permission

* Add string 'transfer_notices_3'

* Add 3rd transfer note to transfer dialog

* Add test

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
15fbf23d13
v180 migration should be standalone () 
Unfortunately the v180 migration picked up a few non-standalone dependencies. This PR
forcibly copies the important parts back into the migration.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
ebf253b841
Add attachments for PR reviews () 
* First step for multiple dropzones per page.

* Allow attachments on review comments.

* Lint.

* Fixed accidental initialize of the review textarea.

* Initialize SimpleMDE textarea.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
95352e6bd5
Make command in authorized keys a template () 
Fix 
Replaces 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
864f0c0447
Use milestone deadline when sorting issues () 
When sorting issues by deadline, the deadline of the milestone the issue
is attached to wasn't taken into account.

It have been changed and the nearest deadline is taken into account for
sorting.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
b8e4ce754e
Only check access tokens if they are likely to be tokens () 
* Only check access tokens if they are likely to be tokens

Gitea will currently check every if every password is an access token even though
most passwords are not and cannot be access tokens.

By creation access tokens are 40 byte hexadecimal strings therefore only these should
be checked.

Signed-off-by: Andrew Thornton <art27@cantab.net>
f4d3bf7867
issue-keyword class is being incorrectly stripped off spans () 
Bluemonday sanitizer regexp rules are not additive, so the addition of the icons,
emojis and chroma syntax policy has led to this being stripped.

Signed-off-by: Andrew Thornton <art27@cantab.net>
047c39e91b
Fix spelling () 
Co-authored-by: Jonathan Tran <jon@allspice.io>
6d69df2804
Add Status Updates whilst Gitea migrations are occurring () 
* Add migrating message

Signed-off-by: Andrew Thornton <art27@cantab.net>

* simplify messenger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* make messenger an interface

Signed-off-by: Andrew Thornton <art27@cantab.net>

* rename

Signed-off-by: Andrew Thornton <art27@cantab.net>

* prepare for merge

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per tech

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
5f4522cd1f
Fix missing discard in repo_language_stats () 
Set the missing discard(1) in repo_language_stats.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
ffbf35b7e9
Clean-up the settings hierarchy for issue_indexer queue () 
There are a couple of settings in `[indexer]` relating to the `issue_indexer` queue
which override settings in unpredictable ways. This PR adjusts this hierarchy and makes
explicit that these settings are deprecated.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
0e081ff0ce
[API] ListIssues add more filters () 
* [API] ListIssues add more filters:
optional filter repo issues by:
 - since
 - before
 - created_by
 - assigned_by
 - mentioned_by

* Add Tests

* Update routers/api/v1/repo/issue.go

Co-authored-by: Lanre Adelowo <adelowomailbox@gmail.com>

* Apply suggestions from code review

Co-authored-by: Lanre Adelowo <adelowomailbox@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
1ec9e906dc
Ensure settings for Service and Mailer are read on the install page () 
* Ensure settings for Service and Mailer are read on the install page

NewContext does not set the mailer or service settings so add
a new function that will run this.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>
6ad5d0a306
[API] ListReleases add filter for draft and pre-releases () 
* invent ctx.QueryOptionalBool

* [API] ListReleases add draft and pre-release filter

* Add X-Total-Count header

* Add a release to fixtures

* Add TEST for API ListReleases
0db1048c3a
Run processors on whole of text () 
There is an inefficiency in the design of our processors which means that Emoji
and other processors run in order n^2 time.

This PR forces the processors to process the entirety of text node before passing
back up. The fundamental inefficiency remains but it should be significantly
ameliorated.

Signed-off-by: Andrew Thornton <art27@cantab.net>
b3fbd37e99
[API] expose repo.GetReviewers() & repo.GetAssignees() () 
* API: expose repo.GetReviewers() & repo.GetAssignees()

* Add tests

* fix unrelated swagger query type
19dedc3fa5
Speed up git diff highlight generation () 
Co-authored-by: Mura Li <typeless@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
f7cd394680
[API] Add repoCreateTag () 
* Add API CreateTag

* Add Test

* API: expose Tag Message
29695cd6d5
Add asymmetric JWT signing () 
* Added asymmetric token signing.

* Load signing key from settings.

* Added optional kid parameter.

* Updated documentation.

* Add "kid" to token header.
75205b5669
Fix some API bugs () 
* Repository object only count releases as releases (fix )

* EditOrg respect RepoAdminChangeTeamAccess option (fix )
59f25587e8
Changelog v1.14.3 () () 
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
35742d4af7
Reintroduce squash merge default comment as a config setting () 
* Reinstate most of commit 09304db9a5

* Move the behaviour behind a config setting

* Also fix the initial
23358bc55d
Use git log name-status in get last commit () 
* Improve get last commit using git log --name-status

git log --name-status -c provides information about the diff between a
commit and its parents. Using this and adjusting the algorithm to use
the first change to a path allows for a much faster generation of commit
info.

There is a subtle change in the results generated but this will cause
the results to more closely match those from elsewhere.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
196593e2e9
More efficiently parse shas for shaPostProcessor () 
* More efficiently parse shas for shaPostProcessor

The shaPostProcessor currently repeatedly calls git rev-parse --verify on both backends
which is fine if there is only one thing that matches a sha - however if there are
multiple things then this becomes wildly inefficient.

This PR provides functions for both backends which are much faster to use.

Fix 

* Add ShaExistCache to RenderContext

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
4fcae3d06d
Add tests for all webhooks () 
* Added tests for MS Teams.

* Added tests for Dingtalk.

* Added tests for Telegram.

* Added tests for Feishu.

* Added tests for Discord.

* Added tests for closed issue and pullrequest comment.

* Added tests for Matrix.

* Trim all spaces.

* Added tests for Slack.

* Added JSONPayload tests.

* Added general tests.

* Replaced duplicated code.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
681e81babd
reqOrgMembership calls need to be preceded by reqToken () 
ReqOrgMembership calls need to be preceded by reqToken

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
6a083a7234
Update documentation for Implicit TLS () 
As per RFC 8314, it is now recommended to prefer TLS over STARTTLS.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
36c158bc93
Update milestone counters on new issue. () 
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
d55b5eb0d3
Use html.Parse rather than html.ParseFragment () 
* Use html.Parse rather than html.ParseFragment
  There have been a few issues with html.ParseFragment - just use html.Parse instead.

* Skip document node

Signed-off-by: Andrew Thornton <art27@cantab.net>
66f8da538a
Use pulls url if issue is a pull request () 
if a pull request is displayed use the /pulls path
if a pull requests diff is displayed use the /pulls/{id}/files url
if an issue is displayed use the issues url

Fixes 

Signed-off-by: Sebastian Sauer <sauer.sebastian@gmail.com>
17030ced75
Improve notifications for WIP draft PR's () 
*  Reduce amount of email notifications for WIP draft PR's

don't notify repo watchers of WIP draft PR's

*  Notification when WIP Pull Request is ready for review

* Send email notification to repo watchers when WIP PR is created

* Send ui notification to repo watchers when WIP PR is created

* send specific email notification when PR is marked ready for review

instead of reusing the CreatePullRequest action

* Fix lint error

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
d4ae87ea32
Run compliance on amd64 infra () 
* Run compliance on amd64 infra

* Update .drone.yml
5930d09096
Fix Nits () 
* template fix

* nits

* add doer to "created issue/pull"
383ffcfa34
Small refactoring of modules/private () 
* Use correct variable name.

* doer is never nil here.

* Use status code constants.

* Replaced generic map with concrete struct.

* Fixed windows lint.

* Removed unused method.

* Changed error codes.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
8640717f5f
Add docs for windows env vars () 
* Add docs for windows env vars

Fix 

* Fix docs/content/doc/developers/hacking-on-gitea.en-us.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
58501a2682
[API] GET / SET User Settings () 
* API: GET/SET User Settings

* linter

* Apply suggestions from code review

* Update modules/structs/user.go

* lint

* fix swagger

* move User2UserSettings to convert

* as per @zeripath "preferences" -> "settings"

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
f2babf3346
Add code block highlight to orgmode back () 
Fix missed orgmode code block hightlight

Co-authored-by: zeripath <art27@cantab.net>
08f4b3f312
Fix 500 Error with branch and tag sharing the same name () 
* Fix 500 Error with branch and tag sharing the same name 

Fixed 500 error while create Pull request when there are more
than one sources (branch, tag) with the same name

Fix 

Signed-off-by: Viktor Yakovchuk <viktor@yakovchuk.net>

* fix logging

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
eb324a9402
[API] Add repoGetTag () 
* GetTag -> GetAnnotatedTag

* API: Add repoGetTag

* fix swagger docs

* support "/" as tag name char

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
c9c7afda1a
Add sanitizer rules per renderer () 
* Added sanitizer rules per renderer.

* Updated documentation.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
b223d36195
Rework repository archive () 
* Use storage to store archive files

* Fix backend lint

* Add archiver table on database

* Finish archive download

* Fix test

* Add database migrations

* Add status for archiver

* Fix lint

* Add queue

* Add doctor to check and delete old archives

* Improve archive queue

* Fix tests

* improve archive storage

* Delete repo archives

* Add missing fixture

* fix fixture

* Fix fixture

* Fix test

* Fix archiver cleaning

* Fix bug

* Add docs for repository archive storage

* remove repo-archive configuration

* Fix test

* Fix test

* Fix lint

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
5f2ef17fdb
Don't WARN log UserNotExist errors on ExternalUserLogin failure () 
Instead log these at debug - with warn logging for other errors.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
d13a0e621b
Do not show No match found for tribute () 
Tribute.js will show an untranslated no match found if no emoji or mentions.

Further the mentions should really require a preceding space.

This PR fixes both of these.

Signed-off-by: Andrew Thornton <art27@cantab.net>
4cc63e9919
Fix diff expansion is missing final line in a file () 
* Fixed down offset.

* Fixed wrong line count result.
fd6b1be1b6
Replace ARCCache with TwoQueueCache to avoid patent issue () 
Co-authored-by: Mura Li <typeless@users.noreply.github.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
6c3433151f
API: Allow COMMENT reviews to not specify a body () 
* Allow COMMENT reviews to not specify a body

when using web ui there is no need to specify a body.
so we don't need to specify a body if adding a COMMENT-review
via our api.

* Ensure comments or Body is provided

and add some integration tests for reviewtype COMMENT.

Signed-off-by: Sebastian Sauer <sauer.sebastian@gmail.com>
44b8b07631
Add tag protection () 
* Added tag protection in hook.

* Prevent UI tag creation if protected.

* Added settings page.

* Added tests.

* Added suggestions.

* Moved tests.

* Use individual errors.

* Removed unneeded methods.

* Switched delete selector.

* Changed method names.

* No reason to be unique.

* Allow editing of protected tags.

* Removed unique key from migration.

* Added docs page.

* Changed date.

* Respond with 404 to not found tags.

* Replaced glob with regex pattern.

* Added support for glob and regex pattern.

* Updated documentation.

* Changed white* to allow*.

* Fixed edit button link.

* Added cancel button.

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
3ef23d5411
Use gitea logging module for git module () 
remove log() func from gogs times and switch to proper logging

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
f573e93ed4
Fix heatmap activity () 
* Group heatmap actions by 15 minute intervals

Signed-off-by: Sidd Weiker <siddweiker@gmail.com>

* Add multi-contribution test for user heatmap

Signed-off-by: Sidd Weiker <siddweiker@gmail.com>

* Add timezone aware summation for activity heatmap

Signed-off-by: Sidd Weiker <siddweiker@gmail.com>

* Fix api user heatmap test

Signed-off-by: Sidd Weiker <siddweiker@gmail.com>

* Update variable declaration style

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
31acd3c0c2
Prevent webhook action buttons from shifting () 
On long webhook urls the action buttons (edit, delete) have been shifted
by the url text.

Signed-off-by: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
06f483d0c4
Append to existing trailers in generated squash commit message () 
* Remove superfluous newline before Co-authored-by trailers

* Append to existing PR description trailer section

If the existing PR description message already contains a trailer section (e.g. Signed-off-by: ),
append to it instead of creating a new trailer section.

* Reuse compiled regexp

* Simplify regex and deal with trailing \n in PR description

* Add tests for CommitMessageTrailersPattern

- add support for Key:Value (no space after colon)
- add support for whitespace "folding"

* Update services/pull/pull_test.go

Co-authored-by: Norwin <noerw@users.noreply.github.com>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
1a1ce9b721
Fuzzer finds an NPE due to incorrect URLPrefix () 
The Fuzzer is running on a non-repo urlprefix which is incorrect for RenderRaw

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
9b33d18899
Added support for gopher URLs. () 
* Added support for gopher URLs.

* Add setting and make this user settable instead

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
62a4879e84
Improve efficiency in FindRenderizableReferenceNumeric and getReferences () 
* Fuzzer finds an NPE due to incorrect URLPrefix

The Fuzzer is running on a non-repo urlprefix which is incorrect for RenderRaw


* Make FindRenderizableReferenceNumeric and getReferences more efficient

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
622f1e764c
Add better errors for disabled account recovery () 
Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
e673e42f7e
Fixed issues not updated by commits () 
`UpdateIssuesCommit` may get called with fewer commits because of `FeedMaxCommitNum` and therefore may miss some commands.
e3c626834b
Let package git depend on setting but not opposite () 
* Let package git depend on setting but not opposite

* private some package variables
19ac575d57
Limit stdout tracelog to actual stdout () 
Related 

Signed-off-by: Andrew Thornton <art27@cantab.net>
22a0636544
Add Visible modes function from Organisation to Users too () 
You can limit or hide organisations. This pull make it also posible for users

- new strings to translte
- add checkbox to user profile form
- add checkbox to admin user.edit form
- filter explore page user search
- filter api admin and public user searches
- allow admins view "hidden" users
- add app option DEFAULT_USER_VISIBILITY
- rewrite many files to use Visibility field
- check for teams intersection
- fix context output
- right fake 404 if not visible

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
35f37a3625
Add --quiet and --verbose to gitea web to control initial logging () 
One of the repeatedly reported issues has been that gitea produces too much console
logging during set up even if the console logger is turned off.

Fundamentally this is due to some otherwise very helpful logging that has to occur
before logging is set up. This has come to a head with the merging of  where
otherwise potentially helpful Trace logging in the git module now appears on the
console.

This PR proposes three things:

1. Change the initial default logger to Info not Trace.
2. Change the logging for the AppPath things to Info in recompense.
3. Add two new command line options to gitea web: --quiet and --verbose

`gitea web -q` or `gitea web --quiet` will only log Fatal level initially.
`gitea web -verbose` will log at Trace.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
f533b5d5cf
Make app.ini more restrictive on new installations () 
Signed-off-by: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com>
eee03ae90a
Add scroll-margin-top to account for sticky header () 
Fixes 

Co-authored-by: zeripath <art27@cantab.net>
615001d746
review comments: break-word for long file names () 
* review comments: break-word for long file names

fixes 

Co-authored-by: zeripath <art27@cantab.net>
0b27b93728
Make allowed Visiblity modes configurable for Users () 
Now that  is merged, some sites may wish to enforce that users are all public, limited or private, and/or disallow users from becoming private.

This PR adds functionality and settings to constrain a user's ability to change their visibility.

Co-authored-by: zeripath <art27@cantab.net>
9b1b4b5433
Refactor Webhook + Add X-Hub-Signature () 
This PR removes multiple unneeded fields from the `HookTask` struct and adds the two headers `X-Hub-Signature` and `X-Hub-Signature-256`.

## ⚠️ BREAKING ⚠️ 

* The `Secret` field is no longer passed as part of the payload.
* "Breaking" change (or fix?): The webhook history shows the real called url and not the url registered in the webhook (`deliver.go`@129).

Close 
Fixes 
Fixes 

Co-authored-by: zeripath <art27@cantab.net>
fe66b612b5
Add previous/next buttons to review comments () 
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
9a0cd3af3b
Handle misencoding of login_source cfg in mssql () 
* Handle misencoding of login_source cfg in mssql

Unfortunately due a bug in xorm (see https://gitea.com/xorm/xorm/pulls/1957) updating
loginsources on MSSQL causes them to become corrupted. ()

Whilst waiting for the referenced PR to be merged and to handle the corrupted
loginsources correctly we need to add a wrapper to the `FromDB()` methods to look
for and ignore the misplaced BOMs that have been added.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update models/login_source.go
9c6aeb47f7
Link to previous blames in file blame page () 
Adds a link to each blame hunk, to view the blame of an earlier version of the file, similar to GitHub. Also refactors the blame render from fmtstring based to template based.

* Fix blame bottom line and add blame prior button

* Jump to previous parent commit from the commit.

* Fix previous commit link

* Fix previous blame link

* Fix the given file not exist in the previous commit.

* Fix blameRow struct not export

* fix theming issues, rename template var

* remove unused LastCommit fetch

* fix location of blame-hunk divider

* rewrite previous commit checks

* remove duplicate commit lookup

its already resolved and stored in ctx.Repo.Commit!

* split out blamePart processing into function

Co-authored-by: rogerluo410 <rogerluo410@gmail.com>
5c80ecc2f7
Counterwork seemingly unclickable repo button labels () 
As title, the change counter-works the effect from  that links seem unclickable (especially in the default gitea theme), while maintaining some sort of visual harmony.

Co-authored-by: Andrew Thornton <art27@cantab.net>
f825f20d49
Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback () 
* Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback

Following the merging of https://github.com/gliderlabs/ssh/pull/143 we
can now report connections to the ssh server that have failed before
public key exchange has completed using the standard fail2ban message.

This PR updates Gliderlabs SSH and adds a callback that will provide this
logging.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* move the callback to its own function to make the logging appear little nicer

Signed-off-by: Andrew Thornton <art27@cantab.net>
2f3d3ac20b
Update fail2ban documentation () 
Following the merge of  we need to update the fail2ban
documentation to take account of the availability of the new
sshConnectionFailed failed authentication attempt log message.

Also add a deprecation notice regarding the previous publicKeyHandler
messages, as these may be a source of false positives.

Signed-off-by: Andrew Thornton <art27@cantab.net>
aac663e0da
Implemented head_commit for webhooks () 
* Removed Len field.

* Added head_commit webhook field.

* Added comment for returns.
653704c102
Add Vultr and DO Marketplace links () 
* fix emoji img path

* move cloudron

* Add Vultr and DO
add74fb368
Fix panic in recursive cache () 
There is a bug with last commit cache recursive cache where the last
commit information that refers to the current tree itself will cause a
panic due to its path ("") not being included in the expected tree entry
paths.

This PR fixes this by skipping the missing entry.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
dea7a5c5b9
just add some unit tests () 
* code.gitea.io/gitea/routers/utils coverage: 100.0%

* code.gitea.io/gitea/routers/install 0% -> 5.0%

* ConvertUtf8ToUtf8mb4: make sure DBType is mysql
e8c6cead0f
Fix list_options GetStartEnd () 
end is start + pageSize and not start + page
0966349354
Make the github migration less rate limit waiting to get comment per page from repository but not per issue () 
* Make the github migration less rate limit waiting to get comment per page from repository but not per issue

* Fix lint

* adjust Downloader interface

* Fix missed reviews

* Fix test

* Remove unused struct
66bf74d1b9
Escape reference to `user` table in models.SearchEmails () 
Fix 

Signed-off-by: Adyanth H <adyanthh@gmail.com>
7d70a6eff8
Fix webhook commits wrong hash on HEAD reset () 
Use `..` instead of `...` with `rev-list`. In combination with  the receiver can get the correct commit. The behaviour is now like Github.

fixes
71c7d0a993
Fix default push instructions on empty repos () 
* Fix default push instructions on empty repos

Use script block like in `repo/clone_buttons.tmpl` to set default instructions
for pushing to empty repos.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
365c4e9316
Add button to delete undeleted repositories from failed migrations () 
This PR adds a button to delete failed repositories if there has been a
failure during migration and for whatever reason the repository doesn't
get deleted automatically.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
302e8b6d02
Prevent zombie processes () 
Unfortunately go doesn't always ensure that execd processes are completely
waited for. On linux this means that zombie processes can occur.

This PR ensures that these are waited for by using signal notifier in serv and
passing a context elsewhere.

Signed-off-by: Andrew Thornton <art27@cantab.net>
9979983283
Update Go-Git to take advantage of LargeObjectThreshold () 
Following the merging of https://github.com/go-git/go-git/pull/330 we
can now add a setting to avoid go-git reading and caching large objects.

Signed-off-by: Andrew Thornton <art27@cantab.net>
ce286f9d9c
Support custom mime type mapping for text files () 
* Support custom mime type mapping for text files

* Apply suggested change to routers/common/repo.go

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
dfa18a8b1c
Introduce NotifySubjectType () 
* Introduce NotifySubjectType

* update swagger docs
fc1d9629c6
Clarify GPG binary check () 
fixes 

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
a3476e5ad5
Wrap around for previous/next buttons () 
Fixes 

Wrap around from last to first comment when clicking "Next" on last comment.
Wrap around from first to last comment when clicking "Previous" on first comment.
92328a3394
Add API to get commits of PR () 
* Add API to get commits of PR

fixes 

Co-authored-by: Andrew Bezold <andrew.bezold@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
836884429a
Add forge emojies () 
* codeberg :codeberg:
* gitlab :gitlab:
* git :git:
* github :github:
* gogs :gogs:
62c278e4ab
Fix modified files list in webhooks when there is a space () 
* Fix modified files list in webhooks when there is a space

There is an unfortunate bug with GetCommitFileStatus where files with
spaces are misparsed and split at the space.

There is a second bug because modern gits detect renames meaning that
this function no longer works correctly.

There is a third bug in that merge commits don't have their modified
files detected correctly.

Fix 


Signed-off-by: Andrew Thornton <art27@cantab.net>
f166f9b2e1
Fix U2F error reasons always hidden () 
This strict equality check in `u2fError` was causing the error
description to hide immediately after showing. `Object.keys`
always returns strings, but `errorType` argument is usually a
number type.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
fae07cbc8f
Update Vendor () 
* Add Dependencie Update Script

* update gitea.com/lunny/levelqueue

* update github.com/PuerkitoBio/goquery

* update github.com/alecthomas/chroma

* update github.com/blevesearch/bleve/v2

* update github.com/caddyserver/certmagic

* update github.com/go-enry/go-enry/v2

* update github.com/go-redis/redis/v8

* update github.com/hashicorp/golang-lru

* update github.com/klauspost/compress

* update github.com/markbates/goth

* update github.com/mholt/archiver/v3

* update github.com/microcosm-cc/bluemonday

* update github.com/minio/minio-go/v7

* update github.com/olivere/elastic/v7

* update github.com/xanzy/go-gitlab

* update github.com/yuin/goldmark
32fd11395b
Fix relative links in postprocessed images () 
If a pre-post-processed file contains relative img tags these need to be updated
and joined correctly with the prefix. Finally, the node attributes need to be updated.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
5bb97a12d7
Creating a repo from a template repo via API () 
* Creating a repo from a template repo via API

fix 
ref:
https://docs.github.com/en/rest/reference/repos#create-a-repository-using-a-template

Signed-off-by: a1012112796 <1012112796@qq.com>
1b29747f0f
Changelog for v1.14.4 () () 
* Changelog for v1.14.4 ()

* docs: bump version

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
9543e068e9
Fix typo in customizing-gitea.en-us.md () 
Fixed a type in a URL in PlantUML code example in `customizing-gitea.en-us.md`.
7613f31c6b
Update vendor 20210707 () 
* update gitea.com/go-chi/binding

* update github.com/blevesearch/bleve/v2

* update github.com/caddyserver/certmagic

* update github.com/go-git/go-git/v5

* update github.com/lafriks/xormstore

* update github.com/yuin/goldmark

* Revert "update gitea.com/go-chi/binding"

This reverts commit dea2f292b116114f9316fab95c5fd124174da404.
061a8e7bb9
Alpine 3.14 released () 
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
b06342f29c
fix: not able to update local created non-urlencoded wiki pages () 
* fix: not able to update local created non-urlencoded wiki pages

* tidy code

* as per suggestion

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Don't replace space to dash for unescaped wiki filename

Co-authored-by: zeripath <art27@cantab.net>

* Remove incorrect comment

* Remove NameToUnescapedFilename()

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
e0296b6a6d
Fix various documentation, user-facing, and source comment typos () 
* Fix various doc, user-facing, and source comment typos

Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
fc1607b368
Fix source typos () 
* Fix source typos

Follow up to e0296b6a6  
Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`

* rm "ignore destory on `make misspell-check`"

Co-authored-by: 6543 <6543@obermui.de>
d06f9ce274
Redirect on bad CSRF instead of presenting bad page () 
The current CSRF handler is a bit harsh with bad CSRF tokens on webpages
I think we can be a little kinder and redirect to base page with a flash error

Signed-off-by: Andrew Thornton <art27@cantab.net>
5e819ee1de
specify user in rootless container numerically () 
* specify user in rootless container numerically

With kubernetes' PodSecurityPolicy set to runAsNonRoot it will not allow starting the container.  The error message is
```
Error: container has runAsNonRoot and image has non-numeric user (git), cannot verify user is non-root
```
The `USER` directive has to be numerical for that to work.

* mention the name of the uid/gid

Co-authored-by: 6543 <6543@obermui.de>
91162bbaea
Update bluemonday to v1.0.15 () 
* update github.com/microcosm-cc/bluemonday

* add exec flag to contrib/update_dependencies.sh

* Fix TESTS
615444dcbd
Fix - rootless Docker user () 
Move comment to top of USER instruction
8cbb38f546
Added documentation about 413 errors with an nginx solution () 
* Added documentation about 413 errors with an nginx solution.

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
07284792d4
Fix invalid params and typo of email templates () 
Signed-off-by: Meano <meanocat@gmail.com>
2f725cbc9e
Add LRU mem cache implementation () 
The current default memory cache implementation is unbounded in size and number of
objects cached. This is hardly ideal.

This PR proposes creating a TwoQueue LRU cache as the underlying cache for Gitea.
The cache is limited by the number of objects stored in the cache (rather than size)
for simplicity. The default number of objects is 50000 - which is perhaps too small
as most of our objects cached are going to be much less than 1kB.

It may be worth considering using a different LRU implementation that actively limits
sizes or avoids GC - however, this is just a beginning implementation.

Signed-off-by: Andrew Thornton <art27@cantab.net>
5b1d0a7701
Replace `plugins/docker` with `techknowlogick/drone-docker`in ci () 
* plugins/docker -> techknowlogick/drone-docker

* It is multi-arch
18c18bb196
docs: rewrite email setup () 
* Add intro for both the docs page and mailer methods
  * Fix numbering level in SMTP section
  * Recommends implicit TLS

Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
46a4c6835d
Fix external renderer () 
* fix external renderer

* use GBackground context as fallback

* no fallback, return error

Co-authored-by: Lauris BH <lauris@nix.lv>
78118a3b02
Add checkbox to delete pull branch after successful merge () 
* Add checkbox to delete pull branch after successful merge

* Omit DeleteBranchAfterMerge field in json

* Log a warning instead of error when PR head branch deleted

* Add DefaultDeleteBranchAfterMerge to PullRequestConfig

* Add support for delete_branch_after_merge via API

* Fix for API: the branch should be deleted from the HEAD repo

If head and base repo are the same, reuse the already opened ctx.Repo.GitRepo

* Don't delegate to CleanupBranch, only reuse branch deletion code

CleanupBranch contains too much logic that has already been performed by the Merge

* Reuse gitrepo in MergePullRequest

Co-authored-by: Andrew Thornton <art27@cantab.net>
4ce32c9e93
Detect encoding changes while parsing diff () 
* Detect encoding changes while parsing diff
b81106be3f
Let branch/tag name be a valid ref to get CI status () 
* fix #16384#

* refactor: move shared helper func to utils package

* extend Tests

* use ctx.Repo.GitRepo if not nil
67f135ca5d
Fix archive error when rename repo or user () 
Use repo id instead of full name to generate archive path
b82293270c
Add option to provide signature for a token to verify key ownership () 
* Add option to provide signed token to verify key ownership

Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.

* Ensure verified keys can act for all active emails for the user

* Add code to mark keys as verified

* Slight UI adjustments

* Slight UI adjustments 2

* Simplify signature verification slightly

* fix postgres test

* add api routes

* handle swapped primary-keys

* Verify the no-reply address for verified keys

* Only add email addresses that are activated to keys

* Fix committer shortcut properly

* Restructure gpg_keys.go

* Use common Verification Token code

Signed-off-by: Andrew Thornton <art27@cantab.net>
57ee06fb94
fix calculation for finalPage in repo-search component () 
Co-authored-by: Jan Naahs <jan.naahs@naahstea.de>
3dba75fb97
Support HTTP/2 in Let's Encrypt () 
Modify the tlsConfig.NextProtos for Let's Encrypt and built-in HTTPS server in order to support HTTP/2.

Co-authored-by: 6543 <6543@obermui.de>
d26551bd0c
Load issue/PR context popup data only when needed () 
* Load issue/PR context popup data only when needed

* Add SVG icon Vue component

* Remove unneeded check
423a0fccb6
Fix activation of primary email addresses () 
* fix: primary email cannot be activated

* Primary email should be activated together with user account when
'RegisterEmailConfirm' is enabled.

* To fix the existing error state. When 'RegisterEmailConfirm' is enabled, the
admin should have permission to modify the activations status of user email.
And the user should be allowed to send activation to primary email.

* Only judge whether email is primary from email_address table.

* Improve logging and refactor isEmailActive

Co-authored-by: zeripath <art27@cantab.net>
8798e3a098
Use TrN helper for email templates () 
* Add TrN helper

* use TrN

* a nit
3dcb3e9073
Second attempt at preventing zombies () 
* Second attempt at preventing zombies

* Ensure that the pipes are closed in ssh.go
* Ensure that a cancellable context is passed up in cmd/* http requests
* Make cmd.fail return properly so defers are obeyed
* Ensure that something is sent to stdout in case of blocks here

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint 2

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint 3

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fixup

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
e180456983
Change docker tag logic () 
* Change docker logic

* Apply suggestions from code review

Co-authored-by: Kyle D. <kdumontnu@gmail.com>

* docs

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Kyle D. <kdumontnu@gmail.com>
efeb8e890b
Change the release cycle to match actual situations () 
* Change the release cycle to match actual situations

* Update CONTRIBUTING.md

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
33a8eec33e
Retry rename on lock induced failures () 
* Retry rename on lock induced failures

Due to external locking on Windows it is possible for an
os.Rename to fail if the files or directories are being
used elsewhere.

This PR simply suggests retrying the rename again similar
to how we handle the os.Remove problems.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* resolve CI fail

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
195c9999a1
Changelog for v1.15.0-rc1 () 
* changelog -m 1.15.0 generate

* enhance changelog

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: techknowlogick <matti@mdranta.net>

* move SECURITY before FEATURES

* move ENHANCEMENTS above BUGFIXES

* as per techknowlogick

* more

* node16

* Apply suggestions from code review

Co-authored-by: Kyle D. <kdumontnu@gmail.com>

* next

* Apply suggestions from code review

* Update CHANGELOG.md

Co-authored-by: Norwin <noerw@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Kyle D. <kdumontnu@gmail.com>
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
ff69dfff7a
microbadger is no more, rm from readme () 
* microbadger is no more, rm from readme

* Update README_ZH.md
251d7f524a
Check user instead of organization when creating a repo from a template via API () 
* Check user instead of organization

* Enforce that only admins can copy a repo to another user
908136c557
add configuration option to restrict users by default () 
* add configuration option to restrict users by default

* default IsRestricted permission only set on sign up

setting this in the model messes with other workflows (e.g. syncing LDAP users) where the IsRestricted permission needs to be explicitly set and not overridden by a config value

* fix formatting

* Apply suggestions from code review

* ensure newly created user is set to restricted

* ensure imports are in the correct order

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
d7ee5dc775
Update documentation to reflect () 
The move to render custom/public as within /assets in  missed updating
several documentation pages.

This PR updates this documentation.

Signed-off-by: Andrew Thornton <art27@cantab.net>
fdb0e82148
Fix crash following ldap authentication update () 
Unfortunately  contained a terrible error, whereby there was a double
indirection taken when unmarshalling the source data. This fatally breaks
authentication configuration reading.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
7b31aae414
revert to use alpine 3.13 () 
Co-authored-by: zeripath <art27@cantab.net>
95f40047ef
Extend the fail2ban instructions with a hint on how to make X-Real-IP… () 
Following the merging of  - Gitea is a lot more strict regarding the interpretation of `X-Real-IP` and `X-Forwarded-For` headers.

This PR updates the fail2ban documentation to include hints to set: `REVERSE_PROXY_TRUSTED_PROXIES` and `REVERSE_PROXY_LIMIT` appropriately.

See discussion in 

Co-authored-by: zeripath <art27@cantab.net>
6d8648ce06
Frontport v1.14.5 () 
* Frontport v1.14.5

Frontport 

Frontport the changelog from v1.14.5

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update config.yaml

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
b08e14bbcf
Retry rename on lock induced failures (re-fix) () 
Unfortunately  asserts the wrong error and should use
os.LinkError not os.PathError.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
93f31e1897
Update notification table with only latest data () 
When marking notifications read the results may be returned out of order
or be delayed.  This PR sends a sequence number to gitea so that the
browser can ensure that only the results of the latest notification
change are shown.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
e83abfc289
Prevent race in TestPersistableChannelQueue () 
* Prevent race in TestPersistableChannelQueue

A slight race has become apparent in the TestPersistableChannelQueue.

This PR simply adds locking to prevent the race.

* make print value of "$(GOTESTFLAGS)" on test-backend and unit-test-coverage


Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
ec357833bc
show tag name on dashboard items list () 
fix 

Signed-off-by: a1012112796 <1012112796@qq.com>
fd3f149abd
Improve 2FA autofill () 
This improves the autofill suggestion on mobile devices and some password managers
43262226db
Fix data race in bleve indexer () 
* Fix data race in bleve indexer
e01b782f33
fix: support delete non-urlencoded wiki page () 
* fix: support delete non-urlencoded wiki page

* fix: check error
2635778425
Add basic edit ldap auth test & actually fix () 
One of the reasons why  was needed and why  was needed in
the first place was because it appears that editing ldap configuration
doesn't get tested.

This PR therefore adds a basic test that will run the edit pipeline.

In doing so it's now clear that  and  aren't actually
solving . It turns out that what actually happens is that is that
the bytes are actually double encoded.

This PR now changes the json unmarshal wrapper to handle this double
encode.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
b26c3b482f
Add TestPrepareWikiFileName () 
* Add TestPrepareWikiFileName

* use LsTree as LsFiles is index only

* ajust other tests

Co-authored-by: Andrew Thornton <art27@cantab.net>
97381aad5d
Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end () 
Fix  (again!)

* handle sharing violation error code

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
49bd9a1111
Fix race in log () 
A race has been detected in  relating to getting log levels.

This PR protects the GetLevel and GetStacktraceLevel calls with a RW mutex.

Signed-off-by: Andrew Thornton <art27@cantab.net>
28f6f7bb03
Restore CORS on git smart http protocol () 
Unfortunately the chi changes have resulted in the CORS headers for the
git smart http protocol going missing.

This is mostly because the OPTIONS method is not being handled by
httpBase anymore.

This PR adds a GetOptions, PostOptions and Options methods to web
handler to allow OPTIONS method requests to still reach the httpBase
function.

Fix 
Close 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
ef395286bf
update `user/repos` api description () 
Currently states 

> List the repos that the authenticated user owns or has access to

but the endpoint does not list all repos a user has access to, only the ones a user owns

(Also verified and discussed in Discord)

Fixes
1ce4fb256f
Restore creation of git-daemon-export-ok files () 
Somewhere along the line the creation of git-daemon-export-ok
files disappeared but the updating of these files when
repo visibility changes remained. The problem is that the
current state will create files even when the org or user
is private.

This PR restores creation correctly.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
81091c4f34
Changelog for 1.15.0-rc2 () () 
* Changelog for 1.15.0-rc2

Results of `~/go/bin/changelog -m 1.15.0 --after 16422 generate`

We need to release RC2 as there are mulitple problems with alpine 3.14 related to
the seccomp issues on Docker <20.
078e2b2c39
Add support for corporate WeChat webhooks () 
* 企业微信webhook

* 企业微信webhook

* 企业微信webhook

* Update templates/admin/hook_new.tmpl

Co-authored-by: a1012112796 <1012112796@qq.com>

* Update services/webhook/wechatwork.go

Co-authored-by: a1012112796 <1012112796@qq.com>

* 修善wechatwork

* 修善wechatwork

* fix

* Update locale_cs-CZ.ini

fix

* fix build

* fix

* fix build

* make webhooks.zh-cn.md

* delet unnecessary blank line

* delet unnecessary blank line

* 企业微信webhook

* 企业微信webhook

* 企业微信webhook

* Update templates/admin/hook_new.tmpl

Co-authored-by: a1012112796 <1012112796@qq.com>

* Update services/webhook/wechatwork.go

Co-authored-by: a1012112796 <1012112796@qq.com>

* 修善wechatwork

* 修善wechatwork

* fix

* fix build

* fix

* fix build

* make webhooks.zh-cn.md

* delet unnecessary blank line

* delet unnecessary blank line

* 企业微信webhook

* 企业微信webhook

* 企业微信webhook

* 企业微信webhook

* 企业微信webhook

* fix

* fix

* 企业微信webhook

* 企业微信webhook

* 企业微信webhook

* fix wechat

* fix wechat

* fix wechat

* fix wechat

* Fix invalid params and typo of email templates ()

Signed-off-by: Meano <meanocat@gmail.com>

* Add LRU mem cache implementation ()

The current default memory cache implementation is unbounded in size and number of
objects cached. This is hardly ideal.

This PR proposes creating a TwoQueue LRU cache as the underlying cache for Gitea.
The cache is limited by the number of objects stored in the cache (rather than size)
for simplicity. The default number of objects is 50000 - which is perhaps too small
as most of our objects cached are going to be much less than 1kB.

It may be worth considering using a different LRU implementation that actively limits
sizes or avoids GC - however, this is just a beginning implementation.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* [skip ci] Updated translations via Crowdin

* Replace `plugins/docker` with `techknowlogick/drone-docker`in ci ()

* plugins/docker -> techknowlogick/drone-docker

* It is multi-arch

* docs: rewrite email setup ()

* Add intro for both the docs page and mailer methods
  * Fix numbering level in SMTP section
  * Recommends implicit TLS

Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>

* Validate Issue Index before querying DB ()

* Fix external renderer ()

* fix external renderer

* use GBackground context as fallback

* no fallback, return error

Co-authored-by: Lauris BH <lauris@nix.lv>

* Add checkbox to delete pull branch after successful merge ()

* Add checkbox to delete pull branch after successful merge

* Omit DeleteBranchAfterMerge field in json

* Log a warning instead of error when PR head branch deleted

* Add DefaultDeleteBranchAfterMerge to PullRequestConfig

* Add support for delete_branch_after_merge via API

* Fix for API: the branch should be deleted from the HEAD repo

If head and base repo are the same, reuse the already opened ctx.Repo.GitRepo

* Don't delegate to CleanupBranch, only reuse branch deletion code

CleanupBranch contains too much logic that has already been performed by the Merge

* Reuse gitrepo in MergePullRequest

Co-authored-by: Andrew Thornton <art27@cantab.net>

* [skip ci] Updated translations via Crowdin

* Detect encoding changes while parsing diff ()

* Detect encoding changes while parsing diff

* Let branch/tag name be a valid ref to get CI status ()

* fix #16384#

* refactor: move shared helper func to utils package

* extend Tests

* use ctx.Repo.GitRepo if not nil

* fix

* fix

* 企业微信webhook

* 企业微信webhook

* 企业微信webhook

* fix build

* fix build

* Apply suggestions from code review

Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: myheavily <myheavily>
Co-authored-by: zhaoxin <gitea@fake.local>
Co-authored-by: Meano <Meano@foxmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: GiteaBot <teabot@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com>
Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Jimmy Praet <jimmy.praet@telenet.be>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
9421bfedb3
Fix issue pasted image missing if no release permission () 
* Fix issue pasted image missing if no release permission

* Update routers/web/web.go

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
f135a818f5
Make Mermaid.js limit configurable () 
* Make Mermaid.js limit configurable

Add `MERMAID_MAX_SOURCE_CHARACTERS` to `[markup]` settings
to make the maximum size of a mermaid render configurable.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fixup! Make Mermaid.js limit configurable

* Update custom/conf/app.example.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
5d2e11eedb
Refactor: Move login out of models () 
`models` does far too much. In particular it handles all `UserSignin`.

It shouldn't be responsible for calling LDAP, SMTP or PAM for signing in.

Therefore we should move this code out of `models`.

This code has to depend on `models` - therefore it belongs in `services`.

There is a package in `services` called `auth` and clearly this functionality belongs in there.

Plan:

- [x] Change `auth.Auth` to `auth.Method` - as they represent methods of authentication.
- [x] Move `models.UserSignIn` into `auth`
- [x] Move `models.ExternalUserLogin`
- [x] Move most of the `LoginVia*` methods to `auth` or subpackages
- [x] Move Resynchronize functionality to `auth`
  - Involved some restructuring of `models/ssh_key.go` to reduce the size of this massive file and simplify its files.
- [x] Move the rest of the LDAP functionality in to the ldap subpackage
- [x] Re-factor the login sources to express an interfaces `auth.Source`?
  - I've done this through some smaller interfaces Authenticator and Synchronizable - which would allow us to extend things in future
- [x] Now LDAP is out of models - need to think about modules/auth/ldap and I think all of that functionality might just be moveable
- [x] Similarly a lot Oauth2 functionality need not be in models too and should be moved to services/auth/source/oauth2
  - [x] modules/auth/oauth2/oauth2.go uses xorm... This is naughty - probably need to move this into models.
  - [x] models/oauth2.go - mostly should be in modules/auth/oauth2 or services/auth/source/oauth2 
- [x] More simplifications of login_source.go may need to be done
- Allow wiring in of notify registration -  *this can now easily be done - but I think we should do it in another PR*  - see  
- More refactors...?
  - OpenID should probably become an auth Method but I think that can be left for another PR
  - Methods should also probably be cleaned up  - again another PR I think.
  - SSPI still needs more refactors.* Rename auth.Auth auth.Method
* Restructure ssh_key.go

- move functions from models/user.go that relate to ssh_key to ssh_key
- split ssh_key.go to try create clearer function domains for allow for
future refactors here.

Signed-off-by: Andrew Thornton <art27@cantab.net>
29a22ade82
switch to maintained lib () 
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
e0f9635c06
Add Linode as an installation option in docs () 
Add Linode as an installation option in docs

Co-authored-by: zeripath <art27@cantab.net>
9f31f3aa8a
Add an abstract json layout to make it's easier to change json library () 
* Add an abstract json layout to make it's easier to change json library

* Fix import

* Fix import sequence

* Fix blank lines

* Fix blank lines
fd15fd4c67
Handle too long PR titles correctly () 
The CompareAndPullRequestPost handler for POST to /compare
incorrectly handles returning errors to the user. For a start
it does not set the necessary markers to switch SimpleMDE
but it also does not immediately return to the form.

This PR fixes this by setting the appropriate values, fixing
the templates and preventing the suggestion of a too long
title.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
6a33b290a0
Fix add authentication page () 
* Fix add authentication page

There is a regression in  whereby the add authentication page
fails to react to the change in selected type.

This is due to the String() method on the LoginSourceType which is ameliorated
with an Int() function being added.

Following on from this there are a few other related bugs.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
7c7771e42b
Fix session bugs () 
* fix deadlog bug

* Fix models/issue_stopwatch.go

* Update models/issue_stopwatch.go

Co-authored-by: zeripath <art27@cantab.net>
9102738797
not show private user's repo in explore view () 
after , visibility is also usefull for user,
so this limit is not usefull.

fix
3705168837
Add agit flow support in gitea () 
* feature: add agit flow support

ref: https://git-repo.info/en/2020/03/agit-flow-and-git-repo/

example:

```Bash
git checkout -b test
echo "test" >> README.md
git commit -m "test"
git push origin HEAD:refs/for/master -o topic=test
```

Signed-off-by: a1012112796 <1012112796@qq.com>

* fix lint

* simplify code add fix some nits

* update merge help message

* Apply suggestions from code review. Thanks @jiangxin

* add forced-update message

* fix lint

* splite writePktLine

* add refs/for/<target-branch>/<topic-branch> support also

* Add test code add fix api

* fix lint

* fix test

* skip test if git version < 2.29

* try test with git 2.30.1

* fix permission check bug

* fix some nit

* logic implify and test code update

* fix bug

* apply suggestions from code review

* prepare for merge

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix permission check bug

- test code update
- apply suggestions from code review @zeripath

Signed-off-by: a1012112796 <1012112796@qq.com>

* fix bug when target branch isn't exist

* prevent some special push and fix some nits

* fix lint

* try splite

* Apply suggestions from code review

- fix permission check
- handle user rename

* fix version negotiation

* remane

* fix template

* handle empty repo

* ui: fix  branch link under the title

* fix nits

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
4e68d6f41d
Show correct text when comparing commits on empty pull request () 
* fix

* use own text

* Update templates/repo/commits_table.tmpl

Co-authored-by: marty <m.karkossa@ultraware.nl>
Co-authored-by: zeripath <art27@cantab.net>
b9a0e33238
Pre-fill suggested New File 'name' and 'content' with Query Params () 
* feature: add (GitHub-style) querystrings for pre-filling new file content

* docs: add query parameters for new files
72738f0cb5
Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup () 
This PR has two parts:

* Add locking to goth and gothic calls with a RWMutex

The goth and gothic calls are currently unlocked and thus are a cause of multiple potential races

* Reattempt OAuth2 registration on login if registration failed

If OAuth2 registration fails at startup we currently disable the login_source however an alternative approach could be to reattempt registration on login attempt.
    
Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
e3b6526922
Use node:16.5 for frontend instead of node:16 () 
* Disable frontend testing

Jest does not appear to work on the latest node 16.6.0 and fails with an inscrutable
message.

I have been unable to work out what the problem is. This PR simply disables the
test-frontend part in the makefile.

Another alternative would be to drop node to node 14 - which is the LTS for node.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* actually just tell on 16.5 instead

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Use node 16.5 instead of 16

Signed-off-by: Andrew Thornton <art27@cantab.net>
d686d7b052
Fix swagger doc by rename repoAddTopíc to repoAddTopic () 
* Swagger API: rename repoAddTopíc to repoAddTopic

This changes the operationId to only contain 7 bit ascii, note "í" instead of "i"
e51c73ae5c
Fix 500 on first wiki page () 
* Fix 500 on first wiki page

There is a mistake in  and  which means that the first time
a wiki page is created a 500 is reported because the `master` branch is
not in existence in that wiki yet.

This PR simply checks for this error and returns not found.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
48c7c880b8
Swagger AccessToken fixes () 
There is a subtle problem with the Swagger definition for AccessTokens which causes
autogeneration of APIs for these endpoints to fail.

This PR corrects these errors.

Ref: https://github.com/zeripath/java-gitea-api/issues/4
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
24366eddec
[CI] Use node v14 instead of node v16 untill it will pass again () 
* for CI release: use node 14 (lts) to build until 16 do fail

* all in for node v14.x
1fc7d6d6ad
Fix table alignment in markdown () 
Set the TableOptions in markdown to allow alignment of the tables to work correctly

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
a51cb3d4cb
Make PR merge options more intuitive () () 
Reword options making clear whether the PRed branch is rebased or not, and which type of commit will be created if any.
35735bbef9
Upgrade to golang-jwt 3.2.2 () 
* Upgrade to golang-jwt 3.2.2

Upgrade to the latest version of golang-jwt

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Forcibly replace the 3.2.1 version of golang-jwt/jwt and increase minimum Go version

Using go.mod we can forcibly replace the 3.2.1 version used by goth to 3.2.2.

Further given golang-jwt/jwts stated policy of only supporting supported go versions
we should just raise our minimal version of go to 1.16 for 1.16 as by time of release
1.15 will be out of support.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update minimal go required

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update config.yaml

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
7c4172ef71
Pass down SignedUserName down to AccessLogger context () 
* Pass down SignedUserName down to AccessLogger context

Unfortunately when the AccessLogger was moved back before the contexters the
SignedUserName reporting was lost. This is due to Request.WithContext leading to a
shallow copy of the Request and the modules/context/Context being within that request.

This PR adds a new context variable of a string pointer which is set and handled
in the contexters.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* handle nil ptr issue

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
19e2c6a302
Set AllowedHeaders on API CORS handler () 
Set AllowedHeaders on API CORS handler and add missing Access-Control-Expose-Headers
to pull API.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
806aa870cb
Switch back to node 16 () 
Now that node 16.6.1 is out we can (if desired) switch back to node 16.

This PR proposes changing drone to run node:16

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
3a1332c326
Update node tar dependency to 6.1.6 () 
Forcibly update dev dependency on tar to 6.1.6

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
fd39e6dc6a
Fixes - duplicate csv import () 
Remove the unnecessary duplicate package import for `encoding/csv` in `modules/csv/csv.go`

Fix
6e6f23b315
Restore Accessibility for Dropdown () 
* Restore #10096/#8638 and re-fix 

This PR restores the vendored and patched dropdow from . It
however, abandons the calls to `click()` using instead the default
dropdown click calls instead. This prevents the issue of the dropdown
grabbing focus permanently however, this may have negative effects on
the effect of focus on the dropdowns.

Of note, the behaviour of the template selector dropdown on the repo
creation page is slightly odd - I don't believe that this odd behaviour
is caused by this PR but rather by the feed source for this. I suspect
that the dropdown should be adding a delete button to its selection.

Fix 
References: 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* leverage fomantic-build instead

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per jookia

Signed-off-by: Andrew Thornton <art27@cantab.net>
9430bb7f40
Frontport changelog for v1.14.6 () 
* Frontport changelog for v1.14.6

Changelog frontported to below v1.15.0-rc1.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update config.yaml

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
ab9bb54144
Add microsoft oauth2 providers () 
* Clean up oauth2 providers

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

* remove unused Scopes

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
067d82b5a6
Prevent 500 on draft releases without tag () 
It is possible to create draft releases prior to creating a tag. This will cause a
500 on the releases page due to compare page failing.

This PR only shows the compare button if there is a SHA1 present.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
afd88a2418
Allow setting X-FRAME-OPTIONS () 
* Allow setting X-FRAME-OPTIONS

This PR provides a mechanism to set the X-FRAME-OPTIONS header.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
14762abf0b
Separate open and closed issue in metrics () 
* Get the issue counts in one query

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
59e6db0b65
Changelog for 1.15.0-rc3 () () 
Frontport 

 ## [1.15.0-rc3](https://github.com/go-gitea/gitea/releases/tag/v1.15.0-rc3) - 2021-08-06

* BREAKING
  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 () ()
* SECURITY
  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 () ()
  * Correctly create of git-daemon-export-ok files () ()
  * Don't show private user's repo in explore view () ()
  * Update node tar dependency to 6.1.6 () ()
* API
  * Swagger AccessToken fixes () ()
  * Set AllowedHeaders on API CORS handler () ()
* BUGFIXES
  * Restore Accessibility for Dropdown () ()
  * Pass down SignedUserName down to AccessLogger context () ()
  * Fix table alignment in markdown () ()
  * Fix 500 on first wiki page () ()
  * Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup () ()
  * Upgrade levelqueue to v0.4.0 () ()
  * Handle too long PR titles correctly () ()
  * Fix data race in bleve indexer () ()
  * Restore CORS on git smart http protocol () ()
  * Fix race in log () ()
  * Fix prepareWikiFileName to respect existing unescaped files () ()
  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end () ()
  * Update notification table with only latest data () ()
  * Revert to use alpine 3.13 () ()
  * Fix crash following ldap authentication update () ()
  * Fix direct creation of external users on admin page (partial ) ()
  * Prevent 500 on draft releases without tag () ()

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
9c116f2bb5
Restore compatibility with SQLServer 2008 R2 in migrations () 
* Restore compatibility with SQLServer 2008 R2 in migrations

`ALTER TABLE DROP ... IF EXISTS ...` is only supported in SQL Server >16.

The `IF EXISTS` here is a belt-and-braces and does not need to be present. Therefore
can be dropped.

We need to figure out some way of restricting our SQL syntax against the minimum
version of SQL Server we will support.

My suspicion is that `ALTER DATABASE database_name SET COMPATIBILITY_LEVEL = 100` may
do that but there may be other side-effects so I am not whether to do that.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* try just dropping the index only

Signed-off-by: Andrew Thornton <art27@cantab.net>

* use lowercase for system tables

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
eaa791bedd
Add Version info to migrations.go () 
Gitea migrations of 1.15.0 ends at v189
d9ef43a712
Replace `list.List` with slices () 
* Replaced list with slice.

* Fixed usage of pointer to temporary variable.

* Replaced LIFO list with slice.

* Lint

* Removed type check.

* Removed duplicated code.

* Lint

* Fixed merge.

Co-authored-by: 6543 <6543@obermui.de>
89245ee309
Upgrade github.com/google/go-github v32.1.0 -> v37.0.0 () 
* Upgrade github.com/google/go-github vv32.1.0 -> v37.0.0

* refactor: use GetX() func to reduce code
c4d70a0325
Rename ctx.Form() to ctx.FormString() and move code into own file () 
Followup from  prepare for 

* Rename ctx.Form() to ctx.FormString()
* Reimplement FormX func to need less code and cpu cycles
* Move code into own file
f1a810e090
Related refactors to ctx.FormX functions () 
* use FormTrim if posible

* speedup goGet

* only convert if nessesary
e29e163737
Improve SMTP authentication and Fix user creation bugs () 
* Improve SMTP authentication, Fix user creation bugs and add LDAP cert/key options

This PR has two parts:

Improvements for SMTP authentication:

* Default to use SMTPS if port is 465, and allow setting of force SMTPS.
* Always use STARTTLS if available
* Provide CRAM-MD5 mechanism
* Add options for HELO hostname disabling
* Add options for providing certificates and keys
* Handle application specific password response as a failed user login
instead of as a 500.

Close 

Fix creation of new users:

* A bug was introduced when allowing users to change usernames which
prevents the creation of external users.
* The LoginSource refactor also broke this page.

Close 

Signed-off-by: Andrew Thornton <art27@cantab.net>
162c32af7e
Send registration email on user autoregistration () 
When users login and are autoregistered send email notification.

Fix 

* Protect public functions within the mailer by testing if the mailer is configured

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
ca13e1d56c
Add link to vscode to repo header () 
add link to vscode to repo header

Signed-off-by: a1012112796 <1012112796@qq.com>
2289580bb7
[API] generalize list header () 
* Add info about list endpoints to CONTRIBUTING.md

* Let all list endpoints return X-Total-Count header 

* Add TODOs for GetCombinedCommitStatusByRef

* Fix models/issue_stopwatch.go

* Rrefactor models.ListDeployKeys

* Introduce helper func and use them for SetLinkHeader related func
5fbccad906
Fix NPE in fuzzer () 
The fuzzer found an issue with the issue pattern processor where there is a spurious
path.Clean which does not need to be there. This PR also sets the default AppURL for
the fuzzer too.

Signed-off-by: Andrew Thornton <art27@cantab.net>
7224cfc578
Upgrade xorm to v1.2.2 () 
* Upgrade xorm to v1.2.2

* Change the Engine interface to match xorm v1.2.2
3a6edd3685
Update issue_index to finish migration () 
* update issue_index to finish migration

* One Func to RecalculateIssueIndexForRepo
a4962a9440
Add filter by owner and team to issue/pulls search endpoint () 
* Filter by owner and team in API issue/pulls search

* Add integration test
23a87a003e
Ensure empty lines are copiable and final new line too () 
* Ensure empty lines are copiable and final new line too

When files are highlighted the newline character needs to be added in a whitespace
compliant mode. Also ensure the final empty newline is rendered.

Fix 

* Add test and ensure spans closed

Signed-off-by: Andrew Thornton <art27@cantab.net>
d17f555fe3
Improve resource string () 
* Improve resource string

Co-authored-by: zeripath <art27@cantab.net>
ea07726dc1
Update JS dependencies () 
* Update JS dependencies

- Update all JS dependencies
- Adapt to recent webpack changes
- Add new lint rules and fix issues
- Regenerate SVGs and update svgo api usage

Fixes: https://github.com/go-gitea/gitea/pull/16492

* adapt jest config and sort keys

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
274aeb3a9e
build with go1.17 () 
Co-authored-by: Lauris BH <lauris@nix.lv>
e0853d4a21
Add API Token Cache () 
One of the issues holding back performance of the API is the problem of hashing.
Whilst banning BASIC authentication with passwords will help, the API Token scheme
still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can
still cause enormous numbers of hash computations.

A slight solution to this whilst we consider moving to using JWT based tokens and/or
a session orientated solution is to simply cache the successful tokens. This has some
security issues but this should be balanced by the security issues of load from
hashing.

Related 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
422c30d315
Refactored and fixed migration tests. () 
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
f9acad82ca
Add proxy settings and support for migration and webhook () 
* Add proxy settings and support for migration and webhook

* Fix default value

* Add newline for example ini

* Add lfs proxy support

* Fix lint

* Follow @zeripath's review

* Fix git clone

* Fix test

* missgin http requests for proxy

* use empty

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
9f0c8f90af
Fix migration svg color () 
* Fixed svg color.

* Use --color-text.

Co-authored-by: Lauris BH <lauris@nix.lv>
4aa3cacc4f
Add edit button to wiki sidebar and footer () 
* Add edit button to wiki sidebar and footer

* Make edit button transparent

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
c9bca8c5e0
Recreate Tables should Recreate indexes on MySQL () 
The MySQL indexes are not being renamed at the same time as RENAME table despite the
CASCADE. Therefore it is probably better to just recreate the indexes instead.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
4debb74eda
Fix wrong user in OpenID response () 
* Fixed usage of wrong user.

* Added tests.
03937891e2
Return nil proxy function if proxy not enabled () 
Signed-off-by: Andrew Thornton <art27@cantab.net>
3b2ed4762e
Do not use thin scrollbars on Firefox () 
In , thin scrollbars were added in Arc Green theme. It got moved
in base theme in .

This PR removes the use of thin scrollbars which causes an
accessibility issue. The scrollbars become too thin to be dragged.

Signed-off-by: Elouan Martinet <exa@elou.world>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
dc2613600c
Keep attachments on tasklist update () 
* Send attachments too.

* Use tasklist flag.

* use action="ignoreAttachments" instead of "tasklist"

* Use boolean parameter.

Co-authored-by: zeripath <art27@cantab.net>
3ecc4a1b9e
Fix dependency translations () 
Signed-off-by: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com>
e9747de952
Fix dependency link rendering in PR sidebar () 
Signed-off-by: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
0bd58d61e5
Added introspection endpoint. () 
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
cee5f7c5e2
Add migrate from OneDev () 
* Use context to simplify logic.

* Added migration from OneDev.
This PR adds [OneDev](https://code.onedev.io/) as migration source.

Supported:
- [x] Milestones
- [x] Issues
- [x] Pull Requests
- [x] Comments
- [x] Reviews
- [x] Labels
7f85610942
Fix openidConnect source regression from () 
Unfortunately there is bug in  meaning that openid connects aren't
being matched properly as the capitalisation in that PR is incorrect.

This PR changes the capitalisation back to what is expected.

Signed-off-by: Andrew Thornton <art27@cantab.net>
b55c699c62
Alter issue/comment table TEXT fields to LONGTEXT () 
* Alter issue/comment table TEXT fields to LONGTEXT

* Use If not Switch

Co-authored-by: zeripath <art27@cantab.net>
db1e3d02a5
frontport: 1.15.0 changelog () 
* frontport: 1.15.0 changelog

* Update config.yaml
73defbbd1c
Ensure that template compilation panics are sent to the logs () 
Although panics within the rendering pipeline are caught and dealt with,
panics that occur before that starts are unprotected and will kill Gitea
without being sent to the logs.

This PR adds a basic recovery handler to catch panics that occur after
the logger is initialised and ensure that they're sent to the logger.

Signed-off-by: Andrew Thornton <art27@cantab.net>
f31e7a67cf
Just use a slice when rendering file () 
Highlight currently uses a map which is memory inefficient. Switch to use a slice instead.

Signed-off-by: Andrew Thornton <art27@cantab.net>
1cd4a3b963
Update caddyserver/certmagic () 
Fixes issue with windows users & letsencrypt

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
921afb57fb
Add missing return to handleSettingRemoteAddrError () 
There is a missing return in handleSettingRemoteAddrError which means
that the error page for repo settings is duplicately rendered.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
648464b504
Add bundle download for repository () 
* Add bundle download

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Fix fmt

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Fix build tags

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Download specific commit

Signed-off-by: jolheiser <john.olheiser@gmail.com>
efaf109435
Add information for migrate failure () 
Improve the reporting of errors when there is a migration failure
4e761fa385
Fix branch pagination error () 
Fix 

Even if default branch is removed from the current page, but the total branches number should be still kept. So that the pagination calculation will be correct.
697213bdb3
Add primary_key to issue_index () 
Make the group_id a primary key in issue_index. This already has an unique index
and therefore is a good candidate for becoming a primary key.

This PR also changes all other uses of this table to add the group_id as the
primary key.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
b88dbe1208
Use a common quote to instead of check database type () 
`` ` `` will be converted to different database quote by xorm. So check database type is unnecessary.
20efc6b56c
Unify migration descriptions () 
* Unify migration descriptions

* Clarify that pure Git migration differs from other migrations

Co-authored-by: Norwin <noerw@users.noreply.github.com>

* Use Pull Requests for Gitea migration

Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
28ac4a7a87
Add EdDSA JWT signing algorithm () 
* Add EdDSA signing algorithm

* Fix typo

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
ba6baff696
Report the correct number of pushes on the feeds () 
* Report the correct number of pushes on the feeds

Since the number of commits in the Action table has been limited to 5
the number of commits reported on the feeds page is now incorrectly also
limited to 5. The correct number is available as the Len and this PR
changes this to report this.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update templates/user/dashboard/feeds.tmpl

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
b60e814055
Enable race detector for CI () 
* Enable race detector by default

Set RACE_ENABLED=0 to disable it when release

* Disable race detector for release builds

* use `true`

* fix

* debug issue

* fix

* verbose

* clean

* Fix wrong merge

* Fix coverage merge

Co-authored-by: Mura Li <typeless@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
e37342db0c
Add modals to Organization and Team remove/leave () 
* Add modals to Organization and Team remove/leave

Add confirmation modals to Organization and Team remove and leave.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* avoid for-in

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Revert "avoid for-in"

This reverts commit 2af9a6f9d46ed31b6fc6e3a29e695577dcf09f75.

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
cd8db3a83d
Prevent "Race" detected in TestAdmin*User () 
These tests are missing the defer prefix.

Related 

Signed-off-by: Andrew Thornton <art27@cantab.net>
88abb0dc8a
Decoupled code from DefaultSigningKey () 
Decoupled code from `DefaultSigningKey`. Makes testing a little bit easier and is cleaner.
1904941382
Add test to ensure that dumping of login sources remains correct () 
 has occurred because of a missed regression. This PR adds a simple test to
try to prevent this occuring again.

Signed-off-by: Andrew Thornton <art27@cantab.net>
cad70599a6
Refactor the fork service slightly to take ForkRepoOptions () 
* Refactor the fork service slightly to take ForkRepoOptions

This reduces the number of places we need to change if we want to add other
options during fork time.

Signed-off-by: Kyle Evans <kevans@FreeBSD.org>

* Fix integrations and tests after ForkRepository refactor

Signed-off-by: Kyle Evans <kevans@FreeBSD.org>

* Update OldRepo -> BaseRepo

Signed-off-by: Kyle Evans <kevans@FreeBSD.org>

* gofmt pass

Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
90c0180447
Ensure that the default visibility is set on the user create page () 
Set the default visibility on the user create page.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
c9c0475f4d
In Render tolerate not being passed a context () 
* In Render tolerate not being passed a context

It is possible for RenderString to be passed to an external renderer if markdown
is set to be rendered by an external renderer. No context is currently sent to these
meaning that this will error out.

Fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add Context to Repo calls for RenderString

All calls from routers can easily add the context - so add it.

Signed-off-by: Andrew Thornton <art27@cantab.net>
d24eb6e6ce
Add GoLand configuration in hacking on gitea () 
Co-authored-by: zeripath <art27@cantab.net>
f5b0e2c9d2
Simplify split diff view generation and remove JS dependency () 
Gitea has relied on some slow JS code to match up added and deleted lines on the
diff pages. This can cause a considerable slow down on large diff pages.

This PR makes a small change meaning that the matching up can occur much more simply.

Partial fix 

Signed-off-by: Andrew Thornton <art27@cantab.net>
d985d4bc2f
Paginate releases page & set default page size to 10 () 
* Add release default page and set it to 10

* use limit

Co-authored-by: 6543 <6543@obermui.de>
360d8e7c23
Remove unused Fomantic sidebar module () 
* Remove unused Fomantic sidebar module

The [Sidebar](https://fomantic-ui.com/modules/sidebar.html) module seems
currently unused (at least I can't find any reference to it in templates
or js), so remove it from the Fomantic build.

* remove useless minified fomantic build files

* mark fomantic build files as being generated
06b9d553bc
Timeout on flush in testing () 
* Timeout on flush in testing

At the end of each test the queues are flushed. At present there is no limit on the
length of time a flush can take which can lead to long flushes.

However, if the CI task is cancelled we lose the log information as to where the long
flush was taking place.

This PR simply adds a default time limit of 2 minutes - at which point an error will
be produced. This should allow us to more easily find the culprit.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* return better error

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
73394f435c
[API] List limited and private orgs if authentificated () 
* fix bug  and similar

* code format

* CI.restart()
9119d24573
Ensure wiki repos are all closed () 
There are multiple places where wiki git repositories are not properly closed.

This PR ensures they are closed.

Signed-off-by: Andrew Thornton <art27@cantab.net>
c0f5da3e1a
Prevent coverage break () 
* Prevent coverage break

There are repeated failures of our CI due to an intermittent issue with coverage.out
finishing with a spurious `0` on a single line.

This problem is very annoying and very hard to understand where it is coming from,
therefore as the problem appears random and without clear cause we should just strip
this line from our coverage.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
8d7704b5a2
Fix dump and restore respository () 
* Fix dump and restore

* return different error message for get commit

* Fix missing delete release attachment when deleting repository

* Fix ci and add some comments

Co-authored-by: zeripath <art27@cantab.net>
f2b4b0f491
Remove ParseQueueConnStr as it is unused () 
Remove ParseQueueConnStr as `modules/nosql` has taken over all of its functions.

Signed-off-by: Andrew Thornton <art27@cantab.net>
bb4cc876b1
Repare and Improve GetDiffRangeWithWhitespaceBehavior () 
* repare and improve GetDiffRangeWithWhitespaceBehavior

* Context with Timeout
d21702475b
Fix git.Blob.DataAsync(): close pipe since we return a NopCloser () 
* make sure headGitRepo is closed on err too

* refactor

* Fix git.Blob.DataAsync(): exec cancel since we already read all bytes (close pipe since we return a NopCloser)
2bb32006fd
Test if LFS object is accessible () 
* Test if object is accessible.

* Added more logging.
cbf05c3f79
Add option to update pull request by `rebase` () 
* add option to update pull request by `rebase`

Signed-off-by: a1012112796 <1012112796@qq.com>
83640a595b
Workaround coverage bug part 2 () 
* Workaround coverage bug part 2

Just grep away bad lines from coverage files.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* try again

Signed-off-by: Andrew Thornton <art27@cantab.net>
57b0887ab2
Correctly return the number of Repositories for Organizations () 
Calculate and return the number of Repositories on the dashboard
Organization list.

This PR restores some of the logic that was removed in  to
calculate the number of repos on the dashboard orgs list.

Fix 
Replaces 

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
7062614dee
Gitlab Migrator: dont ignore reactions of last request () 
Fix bug related to early breaking when migrating reactions.
6e0e414f55
Ensure that the testlogger has its final test removal safely () 
It is possible to get a data race right at the end of the TestMain
in integrations during the final removal of the test from the testlogger. This PR
uses a Reset function to remove any final tests but adds some extra
logging which will forcibly fail if there is an unclosed logger.

Signed-off-by: Andrew Thornton <art27@cantab.net>
This pull request has changes conflicting with the target branch.
  • tools/fuzz.go
You can also view command line instructions.

Step 1:

From your project repository, check out a new branch and test the changes.
git checkout -b main master
git pull origin main

Step 2:

Merge the changes and update on Gitea.
git checkout master
git merge --no-ff main
git push origin master
Sign in to join this conversation.
No reviewers
No Label
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: p85947160/gitea#2
No description provided.
Delete Branch "main"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?