Commit graph

3816 commits

Author SHA1 Message Date
Loïc Dachary 62f50e1c52
[SECURITY] default to pbkdf2 with 320,000 iterations
(cherry picked from commit 3ea0b287d7)
(cherry picked from commit db8392a8ac)
(cherry picked from commit bd2a5fa292)
(cherry picked from commit 2436acb3d9)
2023-03-18 09:20:23 +01:00
Zettat123 46addc1f93
Return repository in npm package metadata endpoint (#23539)
Close #23444 

Add `Repository` to npm package `Metadata` struct so the `repository` in
`package.json` can be stored and be returned in the endpoint.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-03-17 14:39:19 -04:00
silverwind 272cf6a2a9
Make time tooltips interactive (#23526)
Fixes https://codeberg.org/forgejo/forgejo/issues/511

<img width="379" alt="Screenshot 2023-03-16 at 20 23 10"
src="https://user-images.githubusercontent.com/115237/225731294-4c6e4f44-bdcc-4c8c-86e2-49f7c03b377d.png">
2023-03-16 15:40:56 -05:00
James Cleverley-Prance 574d8fe6d6
Add absent repounits to create/edit repo API (#23500)
Adds the ability to enable/disable Actions, Packages and Releases from
the API, via the Edit and Get Repository API endpoints.
2023-03-16 12:30:42 -05:00
Hester Gong 8d9f8e10b1
Fix tags sort by creation time (descending) on branch/tag dropdowns (#23491)
This PR fixes the tags sort issue mentioned in #23432
The tags on dropdown shoud be sorted in descending order of time but are
not. Because when getting tags, it execeutes `git tag sort
--sort=-taggerdate`. Git supports two types of tags: lightweight and
annotated, and `git tag sort --sort=-taggerdate` dosen't work with
lightweight tags, which will not give correct result. This PR add
`GetTagNamesByRepoID ` to get tags from the database so the tags are
sorted.

Also adapt this change to the droplist when comparing branches. 

Dropdown places:

<img width="369" alt="截屏2023-03-15 14 25 39"
src="https://user-images.githubusercontent.com/17645053/225224506-65a72e50-4c11-41d7-8187-a7e9c7dab2cb.png">

<img width="675" alt="截屏2023-03-15 14 25 27"
src="https://user-images.githubusercontent.com/17645053/225224526-65ce8008-340c-43f6-aa65-b6bd9e1a1bf1.png">
2023-03-16 12:01:10 -05:00
Hester Gong 661e78bed5
Allow both fullname and username search when DEFAULT_SHOW_FULL_NAME is true (#23463)
This PR adds the ability to search both fullname and username for
assignees, reviewers and author search boxes when the config
[`DEFAULT_SHOW_FULL_NAME`](6ff5400af9/custom/conf/app.example.ini (L1238))
in `app.ini` is set to `true`. Which is originally raised
[here](https://projects.blender.org/infrastructure/blender-projects-platform/issues/14)
And if `DEFAULT_SHOW_FULL_NAME` is set to `false`(default value), these
search boxes will only show username.

Example:
When `DEFAULT_SHOW_FULL_NAME = true`

<img width="1220" alt="截屏2023-03-14 14 28 06"
src="https://user-images.githubusercontent.com/17645053/224914546-80ef2837-ab72-4d66-9f00-6eb77ed4baaa.png">

When `DEFAULT_SHOW_FULL_NAME = false` (default value)

<img width="1243" alt="截屏2023-03-14 14 29 37"
src="https://user-images.githubusercontent.com/17645053/224914798-f69ec8a2-0929-4330-827c-3e30188f9b47.png">


The specific search boxes that adapts these changes include:
1. Author, Assignee search boxes in pull requests tab and issues tab in
repository
<img width="1283" alt="截屏2023-03-14 14 35 01"
src="https://user-images.githubusercontent.com/17645053/224916250-8e452525-71d6-4b48-bf1c-bf7a176abaaa.png">

2. Assigee and Author on milestones issue page (Added missing search box
for author here)
<img width="1261" alt="截屏2023-03-14 14 38 20"
src="https://user-images.githubusercontent.com/17645053/224916569-d3105619-7824-4bb8-a6d0-1a600eaa9963.png">

3. Assignee on issues and PR Sidebar, Reviewer on PR Sidebar
<img width="976" alt="截屏2023-03-14 14 41 06"
src="https://user-images.githubusercontent.com/17645053/224917431-c45d821e-9660-4f58-a196-5979a0bb64ce.png">

<img width="1027" alt="截屏2023-03-14 14 41 58"
src="https://user-images.githubusercontent.com/17645053/224917290-ad4dbc52-0c20-45c4-9fce-9dcd59ad7d47.png">

4. Assignee when creating new issue
<img width="961" alt="截屏2023-03-14 14 44 33"
src="https://user-images.githubusercontent.com/17645053/224917694-34bee5a7-e975-4f37-8862-56ebc2556808.png">

5. Whitelisted users for pushing, Whitelisted users for merging and
Whitelisted reviewers in Protected branch settings
<img width="920" alt="截屏2023-03-14 14 48 56"
src="https://user-images.githubusercontent.com/17645053/224918551-9b46b44e-b075-4895-8d33-1aafc7d3c8e5.png">
<img width="901" alt="截屏2023-03-14 14 49 02"
src="https://user-images.githubusercontent.com/17645053/224918584-efa66f23-a593-4e26-a3eb-bb1fbc5516ae.png">
<img width="944" alt="截屏2023-03-14 14 49 21"
src="https://user-images.githubusercontent.com/17645053/224918591-be60455d-0513-4f66-84f6-b5e1bc40ff91.png">


6.  "Allowed users" in tags settings
<img width="935" alt="截屏2023-03-14 14 50 11"
src="https://user-images.githubusercontent.com/17645053/224918701-797699aa-c7e5-4290-b3fe-27dcead1c6c7.png">
2023-03-16 11:32:25 -05:00
Kirill Bolashev 4938945668
Handle files starting with colons in WalkGitLog (#22935)
Currently gitea shows no commit information for files starting with a
colon.

[I set up a minimal repro repository that reproduces this error once
it's migrated on gitea](https://github.com/kbolashev/colon-test)

<img width="1209" alt="image"
src="https://user-images.githubusercontent.com/111061261/219326625-0e6d3a86-8b58-4d67-bc24-8a78963f36b9.png">

This is happening because the filenames piped to the `git log` command
are written as is, and it doesn't work when you have a colon at the
start of the filename, and you need to escape it.


You can test it locally,  if you do
```
mkdir repo
git init
touch :file 
git add . && git commit -m "Add file with colon"
git log -- :file 
```
git log returns nothing. However, if you do `git log -- "\:file"`, it
will show the commit with the file change.

This PR escapes the starting colons in paths in the `LogNameStatusRepo`
function, making gitea return commit info about the file with the bad
filename.

<img width="1209" alt="image"
src="https://user-images.githubusercontent.com/111061261/219328299-46451246-4006-45e3-89b1-c244635ded23.png">

This error shows up only with files starting with colon, anywhere else
in filename is ok. Dashes at the beginning also seem to be working.
I don't know gitea internals well enough to know where else this error
can pop up, so I'm keeping this PR small as suggested by your
contributor guide
2023-03-16 11:03:04 -05:00
Lunny Xiao 623a539f23
Move pidfile creation from setting to web cmd package (#23285)
Creating pid file should not belong to setting package and only web
command needs that. So this PR moves pidfile creation from setting
package to web command package to keep setting package more readable.

I marked this as `break` because the PIDFile path moved. For those who
have used the pid build argument, it has to be changed.

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-03-16 15:22:54 +08:00
techknowlogick 32204fcf8b
test_env: hardcode major go version in use (#23464)
hardcode the version of test_env we use in docker, so that we can use
different major versions of golang between versions of Gitea

---------

Co-authored-by: Lauris BH <lauris@nix.lv>
2023-03-14 16:09:01 -04:00
Lunny Xiao 8e40634797
Convert GitHub event on actions and fix some pull_request events. (#23037)
Follow #22680

Partially Fix #22958, on pull_request, `opened`, `reopened`,
`synchronize` supported, `edited` hasn't been supported yet because
Gitea doesn't trigger that events.

---------

Co-authored-by: yp05327 <576951401@qq.com>
2023-03-14 20:50:51 +08:00
techknowlogick d56bb74201
add admin API email endpoints (#22792)
add email endpoint to admin API to ensure API parity with admin
dashboard.
2023-03-14 03:54:40 -04:00
techknowlogick 03591f0f95
add user rename endpoint to admin api (#22789)
this is a simple endpoint that adds the ability to rename users to the
admin API.

Note: this is not in a mergeable state. It would be better if this was
handled by a PATCH/POST to the /api/v1/admin/users/{username} endpoint
and the username is modified.

---------

Co-authored-by: Jason Song <i@wolfogre.com>
2023-03-14 03:45:21 -04:00
yp05327 aac07d010f
Add workflow error notification in ui (#23404)
![image](https://user-images.githubusercontent.com/18380374/224237847-07a30029-32d4-4af7-a36e-e55f0ed899aa.png)

![image](https://user-images.githubusercontent.com/18380374/224239309-a96120e1-5eec-41c0-89aa-9cf63d1df30c.png)

---------

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-03-14 15:27:03 +08:00
wxiaoguang 6ff5400af9
Make branches list page operations remember current page (#23420)
Close #23411

Always pass "page" query parameter to backend, and make backend respect
it.

The `ctx.FormInt("limit")` is never used, so removed.

---------

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-03-14 13:11:38 +08:00
KN4CK3R c709fa17a7
Add Swift package registry (#22404)
This PR adds a [Swift](https://www.swift.org/) package registry.


![grafik](https://user-images.githubusercontent.com/1666336/211842523-07521cbd-8fb6-400f-820c-ee8048b05ae8.png)
2023-03-13 15:28:39 -05:00
FuXiaoHei cdc9e91750
add path prefix to ObjectStorage.Iterator (#23332)
Support to iterator subdirectory in ObjectStorage for
ObjectStorage.Iterator method.

It's required for https://github.com/go-gitea/gitea/pull/22738 to make
artifact files cleanable.

---------

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-03-13 18:23:51 +08:00
Philip Peterson 757b4c17e9
Support reflogs (#22451)
This PR adds support for reflogs on all repositories. It does this by
adding a global configuration entry.

Implements #14865

---------

Signed-off-by: Philip Peterson <philip.c.peterson@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-03-13 15:51:07 +08:00
Brecht Van Lommel a8e13e64da
Scoped label display and documentation tweaks (#23430)
* Fix scoped label left and right part breaking across lines.
* Remove slanted divider in scoped label display, make it straight.
After using this for a while, this feels more visually noisy than
helpful.
* Reduce contrast between scope and item to reduce probability of
unreadable text on background.
* Change documentation to remove mention of non-exclusive scoped labels.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-03-13 08:46:13 +08:00
sillyguodong 5155ec35c5
Parse external request id from request headers, and print it in access log (#22906)
Close: #22890.

---
### Configure in .ini file:
```ini
[log]
REQUEST_ID_HEADERS = X-Request-ID, X-Trace-Id
```

### Params in Request Header
```
X-Trace-ID: trace-id-1q2w3e4r
```

![image](https://user-images.githubusercontent.com/33891828/218665296-8fd19a0f-ada6-4236-8bdb-f99201c703e8.png)



### Log output:

![image](https://user-images.githubusercontent.com/33891828/218665225-cc242a57-4ffc-449a-a1f6-f45ded0ead60.png)
2023-03-10 09:54:32 -06:00
yp05327 cf29ee6dd2
Add missing tabs to org projects page (#22705)
Fixes https://github.com/go-gitea/gitea/issues/22676

Context Data `IsOrganizationMember` and `IsOrganizationOwner` is used to
control the visibility of `people` and `team` tab.

2871ea0809/templates/org/menu.tmpl (L19-L40)

And because of the reuse of user projects page, User Context is changed
to Organization Context. But the value of `IsOrganizationMember` and
`IsOrganizationOwner` are not being given.

I reused func `HandleOrgAssignment` to add them to the ctx, but may have
some unnecessary variables, idk whether it is ok.

I found there is a missing `PageIsViewProjects` at create project page.
2023-03-10 09:18:20 -06:00
Brecht Van Lommel 8bdc0acf97
Fix pull request update showing too many commits with multiple branches (#22856)
When the base repository contains multiple branches with the same
commits as the base branch, pull requests can show a long list of
commits already in the base branch as having been added.

What this is supposed to do is exclude commits already in the base
branch. But the mechansim to do so assumed a commit only exists in a
single branch. Now use `git rev-list A B --not branchName` instead of
filtering commits afterwards.

The logic to detect if there was a force push also was wrong for
multiple branches. If the old commit existed in any branch in the base
repository it would assume there was no force push. Instead check if the
old commit is an ancestor of the new commit.
2023-03-09 12:14:22 -06:00
wxiaoguang 542cec98f8
Refactor merge/update git command calls (#23366)
Follow #22568

* Remove unnecessary ToTrustedCmdArgs calls 
    * the FAQ in  #22678
* Quote: When using ToTrustedCmdArgs, the code will be very complex (see
the changes for examples). Then developers and reviewers can know that
something might be unreasonable.
* The `signArg` couldn't be empty, it's either `-S{keyID}` or
`--no-gpg-sign`.
* Use `signKeyID` instead, add comment "empty for no-sign, non-empty to
sign"
* 5-line code could be extracted to a common `NewGitCommandCommit()` to
handle the `signKeyID`, but I think it's not a must, current code is
clear enough.
2023-03-09 09:48:52 -06:00
Yarden Shoham af0468ed8d
Set X-Gitea-Debug header once (#23361)
Instead of adding it

# Before
On the raw commit page:

![image](https://user-images.githubusercontent.com/20454870/223470744-cdf11898-e023-4198-8c8b-c294e5d78b73.png)

# After

![image](https://user-images.githubusercontent.com/20454870/223470596-af898d66-bd5b-4ddb-b220-ceb1f149bfec.png)

Fixes #23308

---------

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-03-08 15:40:04 -05:00
Jason Song 1960ad5c90
Improve cache context (#23330)
Related to: #22294 #23186 #23054

Replace: #23218

Some discussion is in the comments of #23218.

Highlights:
- Add Expiration for cache context. If a cache context has been used for
more than 10s, the cache data will be ignored, and warning logs will be
printed.
- Add `discard` field to `cacheContext`, a `cacheContext` with `discard`
true will drop all cached data and won't store any new one.
- Introduce `WithNoCacheContext`, if one wants to run long-life tasks,
but the parent context is a cache context,
`WithNoCacheContext(perentCtx)` will discard the cache data, so it will
be safe to keep the context for a long time.
- It will be fine to treat an original context as a cache context, like
`GetContextData(context.Backgraud())`, no warning logs will be printed.

Some cases about nesting:

When:
- *A*, *B* or *C* means a cache context.
- ~*A*~, ~*B*~ or ~*C*~ means a discard cache context.
- `ctx` means `context.Backgrand()`
- *A(ctx)* means a cache context with `ctx` as the parent context.
- *B(A(ctx))* means a cache context with `A(ctx)` as the parent context.
- `With` means `WithCacheContext`
- `WithNo` means `WithNoCacheContext`

So:
- `With(ctx)` -> *A(ctx)*
- `With(With(ctx))` -> *A(ctx)*, not *B(A(ctx))*
- `With(With(With(ctx)))` -> *A(ctx)*, not *C(B(A(ctx)))*
- `WithNo(ctx)` -> *ctx*, not *~A~(ctx)*
- `WithNo(With(ctx))` -> *~A~(ctx)*
- `WithNo(WithNo(With(ctx)))` -> *~A~(ctx)*, not *~B~(~A~(ctx))*
- `With(WithNo(With(ctx)))` -> *B(~A~(ctx))*
- `WithNo(With(WithNo(With(ctx))))` -> *~B~(~A~(ctx))*
- `With(WithNo(With(WithNo(With(ctx)))))` -> *C(~B~(~A~(ctx)))*
2023-03-08 11:57:05 -06:00
Lunny Xiao b116418f05
Use CleanPath instead of path.Clean (#23371)
As title.
2023-03-08 20:17:39 +08:00
Jason Song 090e753923
Reduce duplicate and useless code in options (#23369)
Avoid maintaining two copies of code, some functions can be used with
both `bindata` and `no bindata`.

And removed `GetRepoInitFile`, it's useless now.
`Readme`/`Gitignore`/`License`/`Labels` will clean the name and use
custom files when available.
2023-03-08 17:31:27 +08:00
JakobDev a12f575737
Clean Path in Options (#23006)
At the Moment it is possible to read files in another Directory as
supposed using the Options functions. e.g.
`options.Gitignore("../label/Default) `. This was discovered while
working on #22783, which exposes `options.Gitignore()` through the
public API. At the moment, this is not a security problem, as this
function is only used internal, but I thought it would be a good idea to
make a PR to fix this for all types of Options files, not only
Gitignore, to make it safe for the further. This PR should be merged
before the linked PR.

---------

Co-authored-by: Jason Song <i@wolfogre.com>
2023-03-08 15:07:58 +08:00
wxiaoguang 7e3b7c2346
Do not recognize text files as audio (#23355)
Close #17108

This PR uses a trick (removing the ID3 tag) to detect the content again
to to see whether the content is text type.

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-03-07 22:40:41 -05:00
zeripath 8598356df1
Refactor and tidy-up the merge/update branch code (#22568)
The merge and update branch code was previously a little tangled and had
some very long functions. The functions were not very clear in their
reasoning and there were deficiencies in their logging and at least one
bug in the handling of LFS for update by rebase.

This PR substantially refactors this code and splits things out to into
separate functions. It also attempts to tidy up the calls by wrapping
things in "context"s. There are also attempts to improve logging when
there are errors.

Signed-off-by: Andrew Thornton <art27@cantab.net>

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: delvh <dev.lh@web.de>
2023-03-07 15:07:35 -05:00
wxiaoguang 4c59c8c768
Fix various ImageDiff/SVG bugs (#23312)
Replace #23310, Close #19733

And fix various UI problems, including regressions from #22959 #22950
and more.

## SVG Detection

The old regexp may mismatch non-SVG files. This PR adds new tests for
those cases.

## UI Changes

### Before

![image](https://user-images.githubusercontent.com/2114189/222967716-f6ad8721-f46a-4a3f-9eb0-a89e488d3436.png)

![image](https://user-images.githubusercontent.com/2114189/222967780-8af8981a-e69d-4304-9dc4-0235582fa4f4.png)

### After

![image](https://user-images.githubusercontent.com/2114189/222967575-c21c23d4-0200-4e09-aac3-57895e853000.png)

![image](https://user-images.githubusercontent.com/2114189/222967585-8b8da262-bc96-441a-9851-8d3845f2659d.png)

![image](https://user-images.githubusercontent.com/2114189/222967595-58d9bea5-6df4-41fa-bf8a-86704117959d.png)

![image](https://user-images.githubusercontent.com/2114189/222967608-38757c1a-b8bd-4ebf-b7a8-3b30edb7f303.png)

![image](https://user-images.githubusercontent.com/2114189/222967623-9849a339-6fae-4484-8fa5-939e2fdacbf5.png)

![image](https://user-images.githubusercontent.com/2114189/222967633-4383d7dd-62ba-47a3-8c10-86f7ca7757ae.png)

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-03-07 20:11:24 +08:00
Jason Song c84238800b
Refactor setting.Database.UseXXX to methods (#23354)
Replace #23350.

Refactor `setting.Database.UseMySQL` to
`setting.Database.Type.IsMySQL()`.

To avoid mismatching between `Type` and `UseXXX`.

This refactor can fix the bug mentioned in #23350, so it should be
backported.
2023-03-07 18:51:06 +08:00
Jonathan Tran 4de80392bc
Add context when rendering labels or emojis (#23281)
This branch continues the work of #23092 and attempts to rid the
codebase of any `nil` contexts when using a `RenderContext`.

Anything that renders markdown or does post processing may call
`markup.sha1CurrentPatternProcessor()`, and this runs
`git.OpenRepository()`, which needs a context. It will panic if the
context is `nil`. This branch attempts to _always_ include a context
when creating a `RenderContext` to prevent future crashes.

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2023-03-05 22:59:05 +01:00
wxiaoguang b2359f3df6
Fix various bugs for "install" page (#23194)
## TLDR

* Fix the broken page / broken image problem when click "Install"
* Close #20089
* Fix the Password Hash Algorithm display problem for #22942
* Close #23183
* Close #23184

## Details

### The broken page / broken image problem when click "Install"
(Redirect failed after install gitea #23184)

Before: when click "install", all new requests will fail, because the
server has been restarted. Users just see a broken page with broken
images, sometimes the server is not ready but the user would have been
redirect to "/user/login" page, then the users see a new broken page
(connection refused or something wrong ...)

After: only check InstallLock=true for necessary handlers, and sleep for
a while before restarting the server, then the browser has enough time
to load the "post-install" page. And there is a script to check whether
"/user/login" is ready, the user will only be redirected to the login
page when the server is ready.

### During new instance setup make 'Gitea Base URL' filled from
window.location.origin #20089

If the "app_url" input contains `localhost` (the default value from
config), use current window's location href as the `app_url` (aka
ROOT_URL)

### Fix the Password Hash Algorithm display problem for "Provide the
ability to set password hash algorithm parameters #22942"

Before: the UI shows `pbkdf2$50000$50`

<details>

![image](https://user-images.githubusercontent.com/2114189/221917143-e1e54798-1698-4fee-a18d-00c48081fc39.png)

</details>

After: the UI shows `pbkdf2`

<details>

![image](https://user-images.githubusercontent.com/2114189/221916999-97a15be8-2ebb-4a01-bf93-dac18e354fcc.png)

</details>

### GET data: net::ERR_INVALID_URL #23183

Cause by empty `data:` in `<link rel="manifest"
href="data:{{.ManifestData}}">`

---------

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-03-04 10:12:02 +08:00
zeripath 5c4075e16d
Fix GetFilesChangedBetween if the file name may be escaped (#23272)
The code for GetFilesChangedBetween uses `git diff --name-only
base..head` to get the names of files changed between base and head
however this forgets that git will escape certain values.

This PR simply switches to use `-z` which has the `NUL` character as the
separator.

Ref https://github.com/go-gitea/gitea/pull/22568#discussion_r1123138096

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-03-03 17:28:38 -05:00
silverwind ea1d09718c
Fix commit retrieval by tag (#21804)
It is not correct to return tag data when commit data is requested, so
remove the hacky code that overwrote parts of a commit with parts of a
tag.

This fixes commit retrieval by tag for both the latest commit in the UI
and the commit info on tag webhook events.

Fixes: https://github.com/go-gitea/gitea/issues/21687
Replaces: https://github.com/go-gitea/gitea/pull/21693

<img width="324" alt="Screenshot 2022-11-13 at 15 26 37"
src="https://user-images.githubusercontent.com/115237/201526975-736c6ea7-ad6a-467a-a823-9a63d6ecb718.png">

<img width="789" alt="image"
src="https://user-images.githubusercontent.com/115237/201526876-90a13ffc-1e5c-4d76-911b-f1ae51e8eaab.png">

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-03-02 13:32:21 +08:00
Lauris BH 58b4143803
Add loading yaml label template files (#22976)
Extract from #11669 and enhancement to #22585 to support exclusive
scoped labels in label templates

* Move label template functionality to label module
* Fix handling of color codes
* Add Advanced label template
2023-03-02 01:44:23 +02:00
Sybren de6c718b46
Allow <video> in MarkDown (#22892)
As you can imagine, for the Blender development process it is rather
nice to be able to include videos in issues, pull requests, etc.

This PR allows the `<video>` HTML tag to be used in MarkDown, with the
`src`, `autoplay`, and `controls` attributes.

## Help Needed

To have this fully functional, personally I feel the following things
are still missing, and would appreciate some help from the Gitea team.

### Styling

Some CSS is needed, but I couldn't figure out which of the LESS files
would work. I tried `web_src/less/markup/content.less` and
`web_src/less/_base.less`, but after running `make` the changes weren't
seen in the frontend.

This I would consider a minimal set of CSS rules to be applied:

```css
video {
  max-width: 100%;
  max-height: 100vh;
}
```

### Default Attributes

It would be fantastic if Gitea could add some default attributes to the
`<video>` tag. Basically `controls` should always be there, as there is
no point in disallowing scrolling through videos, looping them, etc.

### Integration with the attachments system

Another thing that could be added, but probably should be done in a
separate PR, is the integration with the attachments system. Dragging in
a video should attach it, then generate the appropriate MarkDown/HTML.
2023-03-01 16:30:51 -05:00
zeripath 27e49cd01c
Properly flush unique queues on startup (#23154)
There have been a number of reports of PRs being blocked whilst being
checked which have been difficult to debug. In investigating #23050 I
have realised that whilst the Warn there is somewhat of a miscall there
was a real bug in the way that the LevelUniqueQueue was being restored
on start-up of the PersistableChannelUniqueQueue.

Next there is a conflict in the setting of the internal leveldb queue
name - This wasn't being set so it was being overridden by other unique
queues.

This PR fixes these bugs and adds a testcase.

Thanks to @brechtvl  for noticing the second issue.

Fix #23050
and others

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-02-28 17:55:43 -05:00
Philip Peterson cbbd3726b4
Pass --global when calling git config --get, for consistency with git config --set (#23157)
This arose out of #22451; it seems we are checking using non-global
settings to see if a config value is set, in order to decide whether to
call another global(-indeed) configuration command. This PR changes it
so that both the check and the set are for global configuration.
2023-02-28 15:26:19 -06:00
Yarden Shoham 0e7bec1849
Add InsecureSkipVerify to Minio Client for Storage (#23166)
Allows using Minio with untrusted certificates

Closes #23128

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2023-02-27 16:26:13 +00:00
Lunny Xiao 91fa0eb9d7
Avoid warning for system setting when start up (#23054)
Partially fix #23050

After #22294 merged, it always has a warning log like `cannot get
context cache` when starting up. This should not affect any real life
but it's annoying. This PR will fix the problem. That means when
starting up, getting the system settings will not try from the cache but
will read from the database directly.

---------

Co-authored-by: Lauris BH <lauris@nix.lv>
2023-02-24 18:23:13 +08:00
Zettat123 a6175b01d9
Fix nil context in RenderMarkdownToHtml (#23092)
Fix #23082.

This bug is caused by a nil context in
https://github.com/go-gitea/gitea/issues/23082#issuecomment-1441276546 .

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-24 14:36:07 +08:00
zeripath 1319ba6742
Use minio/sha256-simd for accelerated SHA256 (#23052)
minio/sha256-simd provides additional acceleration for SHA256 using
AVX512, SHA Extensions for x86 and ARM64 for ARM.

It provides a drop-in replacement for crypto/sha256 and if the
extensions are not available it falls back to standard crypto/sha256.

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-02-22 14:21:46 -05:00
wxiaoguang dc9cebdf45
Use --message=%s for git commit message (#23028)
Close  #23027

`git commit` message option _only_ supports 4 formats (well, only ....):
* `"commit", "-m", msg`
* `"commit", "-m{msg}"`  (no space)
* `"commit", "--message", msg`
* `"commit", "--message={msg}"`

The long format with `=` is the best choice, and it's documented in `man
git-commit`:

`-m <msg>, --message=<msg> ...`

ps: I would suggest always use long format option for git command, as
much as possible.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-21 14:12:57 +08:00
Lunny Xiao 34ae184622
Render access log template as text instead of HTML (#23013)
Fix https://github.com/go-gitea/gitea/pull/22906#discussion_r1112106675
2023-02-21 10:22:13 +08:00
Lunny Xiao d845be661f
handle deprecated settings (#22992)
Fix #22736
2023-02-20 16:18:26 -06:00
zeripath d2128b44f7
Add scopes to API to create token and display them (#22989)
The API to create tokens is missing the ability to set the required
scopes for tokens, and to show them on the API and on the UI.

This PR adds this functionality.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2023-02-20 15:28:44 -06:00
zeripath ef11d41639
Make CI use a dummy password hasher for all tests (#22983)
During the recent hash algorithm change it became clear that the choice
of password hash algorithm plays a role in the time taken for CI to run.

Therefore as attempt to improve CI we should consider using a dummy
hashing algorithm instead of a real hashing algorithm.

This PR creates a dummy algorithm which is then set as the default
hashing algorithm during tests that use the fixtures. This hopefully
will cause a reduction in the time it takes for CI to run.

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-20 13:20:30 +08:00
Lunny Xiao c53ad052d8
Refactor the setting to make unit test easier (#22405)
Some bugs caused by less unit tests in fundamental packages. This PR
refactor `setting` package so that create a unit test will be easier
than before.

- All `LoadFromXXX` files has been splited as two functions, one is
`InitProviderFromXXX` and `LoadCommonSettings`. The first functions will
only include the code to create or new a ini file. The second function
will load common settings.
- It also renames all functions in setting from `newXXXService` to
`loadXXXSetting` or `loadXXXFrom` to make the function name less
confusing.
- Move `XORMLog` to `SQLLog` because it's a better name for that.

Maybe we should finally move these `loadXXXSetting` into the `XXXInit`
function? Any idea?

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: delvh <dev.lh@web.de>
2023-02-20 00:12:01 +08:00
zeripath 61b89747ed
Provide the ability to set password hash algorithm parameters (#22942)
This PR refactors and improves the password hashing code within gitea
and makes it possible for server administrators to set the password
hashing parameters

In addition it takes the opportunity to adjust the settings for `pbkdf2`
in order to make the hashing a little stronger.

The majority of this work was inspired by PR #14751 and I would like to
thank @boppy for their work on this.

Thanks to @gusted for the suggestion to adjust the `pbkdf2` hashing
parameters.

Close #14751

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-19 15:35:20 +08:00