Commit graph

250 commits

Author SHA1 Message Date
zeripath
7948cb3149
Prevent NPE whilst migrating if there is a team request review (#19855)
A pr.Reviewer may be nil when migrating from Gitea if this is a team
request review.

We do not migrate teams therefore we cannot map these requests, but we can
migrate user requests.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-06-09 10:50:05 +08:00
Lauris BH
f92b7a6331
Add support for rendering terminal output with colors (#19497) 2022-06-09 00:46:39 +03:00
Wim
e528e2b435
Implement http signatures support for the API (#17565)
Fixes #12338

This allows use to talk to the API with our ssh certificate (and/or ssh-agent) without needing to fetch an API key or tokens.
It will just automatically work when users have added their ssh principal in gitea.

This needs client code in tea
Update: also support normal pubkeys

ref: https://tools.ietf.org/html/draft-cavage-http-signatures

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-06-05 08:16:14 +01:00
Lunny Xiao
12c742f8dc
Fix order by parameter (#19849)
Upgrade builder to v0.3.11
Upgrade xorm to v1.3.1 and fixed some hidden bugs.

Replace #19821
Replace #19834
Included #19850

Co-authored-by: zeripath <art27@cantab.net>
2022-06-04 20:18:50 +01:00
6543
00a981d341
Update go-chi/cache to utilize Ping() (#19719)
* update gitea.com/go-chi/cache -> v0.2.0

* ajust to new interface

* refactor
2022-05-15 20:43:27 +02:00
6543
65ccff54ef
Update go deps (#19665)
* update gitea.com/go-chi/binding
* update github.com/42wim/sshsig
* update github.com/PuerkitoBio/goquery
* update github.com/blevesearch/bleve/v2
* update github.com/caddyserver/certmagic
* update github.com/duo-labs/webauthn
* update github.com/editorconfig/editorconfig-core-go/v2
* update github.com/emirpasic/gods
* update github.com/gliderlabs/ssh
* update github.com/go-chi/cors
* update github.com/go-enry/go-enry/v2
* update github.com/go-git/go-git/v5
* update github.com/go-ldap/ldap/v3
* update github.com/golang-jwt/jwt/v4
* update github.com/google/pprof
* update github.com/klauspost/compress
* update github.com/lib/pq
* update github.com/markbates/goth
* update github.com/minio/minio-go/v7
* update github.com/olivere/elastic/v7
* update github.com/unrolled/render
* update github.com/urfave/cli
* update github.com/xanzy/go-gitlab
* update github.com/yuin/goldmark
* adopt breaking changes of certmagic
2022-05-10 12:32:42 +02:00
wxiaoguang
d242511e86
Remove legacy unmaintained packages, refactor to support change default locale (#19308)
Remove two unmaintained vendor packages `i18n` and `paginater`. Changes:
* Rewrite `i18n` package with a more clear fallback mechanism. Fix an unstable `Tr` behavior, add more tests.
* Refactor the legacy `Paginater` to `Paginator`, test cases are kept unchanged.

Trivial enhancement (no breaking for end users):
* Use the first locale in LANGS setting option as the default, add a log to prevent from surprising users.
2022-04-03 17:46:48 +08:00
Lunny Xiao
cf5d4a7230
Upgrade xorm/builder from v0.3.9 to v0.3.10 (#19296)
xorm/builder v0.3.10 add support to EXISTS and NOT EXISTS.
2022-04-02 04:14:14 +08:00
wxiaoguang
4f27c28947
Remove legacy unknwon/com package (#19298)
Follows: #19284
* The `CopyDir` is only used inside test code
* Rewrite `ToSnakeCase` with more test cases
* The `RedisCacher` only put strings into cache, here we use internal `toStr` to replace the legacy `ToStr`
* The `UniqueQueue` can use string as ID directly, no need to call `ToStr`
2022-04-02 00:34:57 +08:00
Kevin Burke
242d71035a
go.mod: update kevinburke/ssh_config to v1.2.0 (#19286)
Previously if you tried to read a HostName in a config file that
looked like this:

```
Host github
    HostName github.com        # This is the host for code review
```

DefaultUserSettings.Get("HostName") would return "github.com        ",
which I think is unintuitive and unexpected.

This behavior is fixed in v1.2 which would return "github.com" in the
above example.
2022-04-01 00:05:57 +02:00
zeripath
c88547ce71
Add Goroutine stack inspector to admin/monitor (#19207)
Continues on from #19202.

Following the addition of pprof labels we can now more easily understand the relationship between a goroutine and the requests that spawn them. 

This PR takes advantage of the labels and adds a few others, then provides a mechanism for the monitoring page to query the pprof goroutine profile.

The binary profile that results from this profile is immediately piped in to the google library for parsing this and then stack traces are formed for the goroutines.

If the goroutine is within a context or has been created from a goroutine within a process context it will acquire the process description labels for that process. 

The goroutines are mapped with there associate pids and any that do not have an associated pid are placed in a group at the bottom as unbound.

In this way we should be able to more easily examine goroutines that have been stuck.

A manager command `gitea manager processes` is also provided that can export the processes (with or without stacktraces) to the command line.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-31 19:01:43 +02:00
Justin Sievenpiper
a2c20a6cab
Add Redis Sentinel Authentication Support (#19213)
Gitea was not able to supply any authentication parameters to it. So this brings support to do that, along with some light extraction of a couple of bits into some separate functions for easier testing.

I looked at other libraries supporting similar RedisUri-style connection strings (e.g. Lettuce), but it looks like this type of configuration is beyond what would typically be done in a connection string. Since gitea doesn't have configuration options for manually specifying all this redis connection detail, I went ahead and just chose straightforward names for these new parameters.
2022-03-30 21:12:02 +02:00
Robert Kaussow
909804b717
Bump goldmark to v1.4.11 (#19201)
* Bump goldmark to v1.4.11

* add testcase

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-03-24 11:47:37 -04:00
techknowlogick
ed1d95c55d
use go1.18 to build gitea (#19099)
* use go1.18 to build gitea& update min go version to 1.17

* bump in a few more places

* add a few simple tests for isipprivate

* update go.mod

* update URL to https://go.dev/dl/

* golangci-lint

* attempt golangci-lint workaround

* change version

* bump fumpt version

* skip strings.title test

* go mod tidy

* update tests as some aren't private??

* update tests
2022-03-16 00:08:31 -04:00
silverwind
fe9626af29
Use go run for tool dependencies, require go 1.17 (#18874)
This ensures the tools only run in the versions we've tested and it also
does not polute PATH with those tools so they are truly isolated. This
syntax of `go run` requires go 1.17, so the minimum version is set
accordingly.

Fixes: https://github.com/go-gitea/gitea/issues/18867

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-03-15 22:50:26 -04:00
Gusted
6ab4a96855
Update golang.org/x/crypto (#19097)
* Update golang.org/x/crypto

- Update dependency to include fix for CVE.
- See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer

* Fix deprecation notice

* Remove workaround

- Introduced in https://github.com/go-gitea/gitea/pull/17281
- Fixed in x/crypto:
- 5d542ad81a
- & 3147a52a75

* Update Kex Algorithms

- Use standardized name for curve22519-sha256. 9b076918e3
- Prefer SHA256 version over SHA1 version. e4b3678e5f
2022-03-16 02:59:53 +01:00
Lunny Xiao
2448c5ad8b
Upgrading binding package (#19034)
Fix #18855
2022-03-09 18:06:58 +00:00
techknowlogick
1546580f9e
bump go deps (#19021)
* update gitea.com/go-chi/binding

* update gitea.com/go-chi/cache

* update github.com/42wim/sshsig

* update github.com/PuerkitoBio/goquery

* update github.com/blevesearch/bleve/v2

* update github.com/caddyserver/certmagic

* update github.com/denisenkom/go-mssqldb

* update github.com/duo-labs/webauthn

* update github.com/dustin/go-humanize

* update github.com/editorconfig/editorconfig-core-go/v2

* update github.com/ethantkoenig/rupture

* update github.com/go-chi/chi/v5

* update github.com/go-git/go-git/v5

* update github.com/go-ldap/ldap/v3

* update github.com/go-redis/redis/v8

* update github.com/go-swagger/go-swagger

* update github.com/gogs/chardet

* update github.com/golang-jwt/jwt/v4

* update github.com/hashicorp/go-version

* update github.com/jaytaylor/html2text

* update github.com/klauspost/compress

* update github.com/lib/pq

* update github.com/markbates/goth

* update github.com/mattn/go-sqlite3

* update github.com/mholt/archiver/v3

* update github.com/microcosm-cc/bluemonday

* update github.com/minio/minio-go/v7

* update github.com/msteinert/pam

* update github.com/niklasfasching/go-org

* update github.com/olivere/elastic/v7

* update github.com/prometheus/client_golang

* update github.com/quasoft/websspi

* update github.com/stretchr/testify

* update github.com/unknwon/i18n

* update github.com/unrolled/render

* update github.com/xanzy/go-gitlab

* update github.com/yuin/goldmark

* update github.com/yuin/goldmark-highlighting

* update github.com/yuin/goldmark-meta

* post make vendor

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add make vendor back into update_dependencies.sh

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update update_dependencies.sh

* Update contrib/update_dependencies.sh

Co-authored-by: zeripath <art27@cantab.net>

* update mvdan.cc/xurls/v2

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-08 19:15:30 +08:00
Gusted
3c7201682c
Update go-enry to v2.8.0 (#18993)
- It was reported in the Matrix channel that Chroma [has support](d402102976)
for the Fennel language, go-enry only added detection support for this
[in v2.7.2](0affa3ccca).

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-03-04 01:56:31 +01:00
Gusted
79c7219be8
Update go-org to v1.6.1 (#18932)
- v1.6.0 has a inconsistency with the proxy and github's tagged version,
updating to v1.6.1 should fix this issue.
- Resolves #18864
2022-02-27 16:56:44 +00:00
zeripath
e039b76a6f
Update go-org to 1.6.0 (#18824)
Fix #14074

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-20 13:01:35 +00:00
Gusted
f393bc82cb
Update gitea-vet (#18640)
* Update gitea-vet

- Update gitea-vet to include latest 2 changes
7c98703580...master

* Tidy up go.sum

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2022-02-06 21:45:00 +00:00
Gusted
9712f7d622
Future proof for 1.18 (#18644)
- Update json-iterator/go to handle 1.18's new memory model with slices.
- Don't panic while running gitea with go 1.18
2022-02-06 20:38:14 +00:00
zeripath
b34923d919
Update Goldmark to Goldmark 1.4.4 (#18420)
* Update Goldmark to Goldmark 1.4.4
* nolint the deprecation

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-29 21:17:21 +08:00
zeripath
9a75c2741d
Only view milestones from current repo (#18414)
The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to
the repo. This PR restricts the milestones to those within the repo.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-26 20:01:35 +00:00
Aravinth Manivannan
3bb028cc46
Validate migration files (#18203)
JSON Schema validation for data used by Gitea during migrations

Discussion at https://forum.forgefriends.org/t/common-json-schema-for-repository-information/563

Co-authored-by: Loïc Dachary <loic@dachary.org>
2022-01-26 10:45:51 +01:00
6543
6ad7a5376a
Update github.com/duo-labs/webauthn (#18357) 2022-01-22 18:01:40 +01:00
Jelle Hulter
bbd30787d3
Updated Chroma to v0.10.0 (#18270) 2022-01-20 17:59:15 +08:00
zeripath
68b59d8966
replace satori/go.uuid with gofrs/uuid (#18311)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-18 11:04:24 +00:00
Lunny Xiao
35c3553870
Support webauthn (#17957)
Migrate from U2F to Webauthn

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-14 16:03:31 +01:00
Lunny Xiao
a1c12fb0b3
Don't store assets modified time into generated files (#18193) 2022-01-06 21:33:17 -05:00
6543
ec6cc38c6c
code.gitea.io/sdk/gitea v0.14.0 -> v0.15.1 (#18186) 2022-01-05 05:51:12 +01:00
Lunny Xiao
e9c9a35a61
Upgrade certmagic from v0.14.1 to v0.15.2 (#18138) 2022-01-01 17:43:28 +08:00
Lunny Xiao
25a290e320
Upgrade bleve from v2.0.6 to v2.3.0 (#18132) 2022-01-01 16:26:27 +08:00
zeripath
bcc13f3889
Reset Session ID on login (#18018)
* Reset Session ID on login

When logging in the SessionID should be reset and the session cleaned up.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* with new session.RegenerateID function

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update go-chi/session

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Ensure that session id is changed after oauth data is set and between account linking pages too

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per review

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-20 22:12:26 +08:00
zeripath
25677cdc5b
Update chroma (#18033)
Update chroma to 0.9.4

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-20 02:49:38 +00:00
Wim
6fe756dc93
Add support for ssh commit signing (#17743)
* Add support for ssh commit signing

* Split out ssh verification to separate file

* Show ssh key fingerprint on commit page

* Update sshsig lib

* Make sure we verify against correct namespace

* Add ssh public key verification via ssh signatures

When adding a public ssh key also validate that this user actually
owns the key by signing a token with the private key.

* Remove some gpg references and make verify key optional

* Fix spaces indentation

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update templates/user/settings/keys_ssh.tmpl

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update models/ssh_key_commit_verification.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Reword ssh/gpg_key_success message

* Change Badsignature to NoKeyFound

* Add sign/verify tests

* Fix upstream api changes to user_model User

* Match exact on SSH signature

* Fix code review remarks

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-19 00:37:18 -05:00
zeripath
957c3fcb59
Update chi/middleware to chi/v5/middleware (#17888)
Fix #17880


Co-authored-by: Lauris BH <lauris@nix.lv>
2021-12-02 21:58:08 +01:00
zeripath
c96be0cd98
Make SSL cipher suite configurable (#17440) 2021-11-20 01:12:43 -05:00
wxiaoguang
a8fd76557b
Better builtin avatar generator (#17707)
This PR fixes the builtin avatar generator.

1. The random background color makes some images very dirty. So now we only use white background for avatars.
2. We use left-right mirror avatars to satisfy #14799
3. Fix a small padding error in the algorithm
2021-11-20 01:10:41 +08:00
zeripath
9d855bd6a1
Simplify Gothic to use our session store instead of creating a different store (#17507)
* Simplify Gothic to use our session store instead of creating a different store

We have been using xormstore to provide a separate session store for our OAuth2 logins
however, this relies on using gorilla context and some doubling of our session storing.
We can however, simplify and simply use our own chi-based session store. Thus removing
a cookie and some of the weirdness with missing contexts.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per review

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per review

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Handle MaxTokenLength

Signed-off-by: Andrew Thornton <art27@cantab.net>

* oops

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-11-03 08:33:54 +08:00
Lunny Xiao
812a9daab9
Upgrade go-github to v39 (#17437) 2021-10-26 08:19:21 +01:00
zeripath
c5a408df05
Upgrade Bluemonday to v1.0.16 (#17372)
Upgrade Bluemonday to latest version

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-10-20 16:58:39 -04:00
6543
3728f1daa0
Add RSS/Atom feed support for user actions (#16002)
Return rss/atom feed for user based on rss url suffix or Content-Type header.
2021-10-16 16:21:16 +02:00
Lunny Xiao
d47798ccc7
Upgrade chi to v5 (#17298) 2021-10-13 22:50:23 -04:00
Lunny Xiao
ba1fdbcfdb
upgrade xorm to v1.2.5 (#17177) 2021-09-29 23:08:44 +03:00
Lunny Xiao
e21a35698c
Upgrade xorm to v1.2.4 (#17059) (#17068)
Co-authored-by: zeripath <art27@cantab.net>
2021-09-16 13:53:28 -04:00
zeripath
8af7a21085
Update go-chi/session (fixes "race" in tests) (#17031)
Update to latest go-chi/session where the NewManager causes a new
Provider instantiation instead of reconfiguring an old one.
(https://gitea.com/go-chi/session/pulls/1)

The NewManager call is now concurrency safe and would allow live
reconfiguration in future but for now this PR simply fixes an
intermittent "data-race" detected in our tests.  (See
https://drone.gitea.io/go-gitea/gitea/43900/2/14)

Related #17027
Related #1441

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-09-13 09:40:55 +01:00
zeripath
1cd4a3b963
Update caddyserver/certmagic (#16789)
Fixes issue with windows users & letsencrypt

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-23 18:07:40 -04:00
wxiaoguang
2d1935acc7
Upgrade go.mod go version to 1.16 (#16764) 2021-08-21 20:04:17 +01:00