Commit graph

354 commits

Author SHA1 Message Date
ttys3
0c759fd4de
feat: add DEFAULT_MERGE_STYLE to repository.pull-request section for repo init (#19751) 2022-06-02 23:45:54 -04:00
singuliere
fdc784dbf4
docs: update the ROOT documentation and error messages (#19832)
* docs: update the ROOT documentation and error messages

* The documentation now reflects what happens in the
  setting/repository.go::newRepository function:
  filepath.Join(AppWorkPath, RepoRootPath) was missing.

* The error message displayed when RepoRootPath is not found now
  displays the value of RepoRootPath. Given the complexity of the
  construction of this value, only referring to it in the abstract
  is likely to be misleading to the Gitea admin trying to interpret
  the message.

Co-authored-by: delvh <dev.lh@web.de>
2022-05-31 00:47:55 +02:00
Ondřej Čertík
8720f876c7
Make WIP prefixes case insensitive, e.g. allow Draft as a WIP prefix (#19780)
The issue was that only the actual title was converted to uppercase, but
not the prefix as specified in `WORK_IN_PROGRESS_PREFIXES`. As a result,
the following did not work:

    WORK_IN_PROGRESS_PREFIXES=Draft:,[Draft],WIP:,[WIP]

One possible workaround was:

    WORK_IN_PROGRESS_PREFIXES=DRAFT:,[DRAFT],WIP:,[WIP]

Then indeed one could use `Draft` (as well as `DRAFT`) in the title.
However, the link `Start the title with DRAFT: to prevent the pull request
from being merged accidentally.` showed the suggestion in uppercase; so
it is not possible to show it as `Draft`. This PR fixes it, and allows
to use `Draft` in `WORK_IN_PROGRESS_PREFIXES`.

Fixes #19779.

Co-authored-by: zeripath <art27@cantab.net>
2022-05-26 10:19:24 +01:00
f0x52
6680cca07f
clarify what session provider 'db' does (#19713)
* clarify what session provider 'db' does

* Also update session.PROVIDER in app.example.ini

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-05-16 00:40:29 +08:00
Jimmy Praet
a61a47f9a0
Update documentation to disable duration settings with -1 instead of 0 (#19647)
To turn off the notification endpoint polling, the value should be set to -1, not 0.
2022-05-09 18:33:19 +02:00
6543
e2a3f3d259
Federation: return useful statistic information for nodeinfo (#19561)
Add statistic information for total user count, active user count, issue count and comment count for `/nodeinfo`
2022-05-02 21:35:45 +08:00
Pawel Boguslawski
85579dcab5
Disable unnecessary GitHooks elements
This mod fixes disabling unnecessary GitHooks elements.

Related: https://github.com/go-gitea/gitea/pull/13129
Author-Change-Id: IB#1115251
2022-04-26 22:06:58 +01:00
wxiaoguang
d906858847
Use "main" as default branch name (#19354)
* Use "main" as default branch name

* fix test code
2022-04-08 23:26:48 -05:00
techknowlogick
d4f4e95c63
escape fake link 2022-04-05 13:30:07 -04:00
techknowlogick
48dc88acd0
Allow custom redirect for landing page (#19324)
* Allow custom redirect for landing page

* Update modules/setting/setting.go

Co-authored-by: delvh <dev.lh@web.de>

* fix lint

* one option

Co-authored-by: delvh <dev.lh@web.de>
2022-04-05 12:16:01 -04:00
wxiaoguang
d242511e86
Remove legacy unmaintained packages, refactor to support change default locale (#19308)
Remove two unmaintained vendor packages `i18n` and `paginater`. Changes:
* Rewrite `i18n` package with a more clear fallback mechanism. Fix an unstable `Tr` behavior, add more tests.
* Refactor the legacy `Paginater` to `Paginator`, test cases are kept unchanged.

Trivial enhancement (no breaking for end users):
* Use the first locale in LANGS setting option as the default, add a log to prevent from surprising users.
2022-04-03 17:46:48 +08:00
KN4CK3R
1d332342db
Add Package Registry (#16510)
* Added package store settings.

* Added models.

* Added generic package registry.

* Added tests.

* Added NuGet package registry.

* Moved service index to api file.

* Added NPM package registry.

* Added Maven package registry.

* Added PyPI package registry.

* Summary is deprecated.

* Changed npm name.

* Sanitize project url.

* Allow only scoped packages.

* Added user interface.

* Changed method name.

* Added missing migration file.

* Set page info.

* Added documentation.

* Added documentation links.

* Fixed wrong error message.

* Lint template files.

* Fixed merge errors.

* Fixed unit test storage path.

* Switch to json module.

* Added suggestions.

* Added package webhook.

* Add package api.

* Fixed swagger file.

* Fixed enum and comments.

* Fixed NuGet pagination.

* Print test names.

* Added api tests.

* Fixed access level.

* Fix User unmarshal.

* Added RubyGems package registry.

* Fix lint.

* Implemented io.Writer.

* Added support for sha256/sha512 checksum files.

* Improved maven-metadata.xml support.

* Added support for symbol package uploads.

* Added tests.

* Added overview docs.

* Added npm dependencies and keywords.

* Added no-packages information.

* Display file size.

* Display asset count.

* Fixed filter alignment.

* Added package icons.

* Formatted instructions.

* Allow anonymous package downloads.

* Fixed comments.

* Fixed postgres test.

* Moved file.

* Moved models to models/packages.

* Use correct error response format per client.

* Use simpler search form.

* Fixed IsProd.

* Restructured data model.

* Prevent empty filename.

* Fix swagger.

* Implemented user/org registry.

* Implemented UI.

* Use GetUserByIDCtx.

* Use table for dependencies.

* make svg

* Added support for unscoped npm packages.

* Add support for npm dist tags.

* Added tests for npm tags.

* Unlink packages if repository gets deleted.

* Prevent user/org delete if a packages exist.

* Use package unlink in repository service.

* Added support for composer packages.

* Restructured package docs.

* Added missing tests.

* Fixed generic content page.

* Fixed docs.

* Fixed swagger.

* Added missing type.

* Fixed ambiguous column.

* Organize content store by sha256 hash.

* Added admin package management.

* Added support for sorting.

* Add support for multiple identical versions/files.

* Added missing repository unlink.

* Added file properties.

* make fmt

* lint

* Added Conan package registry.

* Updated docs.

* Unify package names.

* Added swagger enum.

* Use longer TEXT column type.

* Removed version composite key.

* Merged package and container registry.

* Removed index.

* Use dedicated package router.

* Moved files to new location.

* Updated docs.

* Fixed JOIN order.

* Fixed GROUP BY statement.

* Fixed GROUP BY #2.

* Added symbol server support.

* Added more tests.

* Set NOT NULL.

* Added setting to disable package registries.

* Moved auth into service.

* refactor

* Use ctx everywhere.

* Added package cleanup task.

* Changed packages path.

* Added container registry.

* Refactoring

* Updated comparison.

* Fix swagger.

* Fixed table order.

* Use token auth for npm routes.

* Enabled ReverseProxy auth.

* Added packages link for orgs.

* Fixed anonymous org access.

* Enable copy button for setup instructions.

* Merge error

* Added suggestions.

* Fixed merge.

* Handle "generic".

* Added link for TODO.

* Added suggestions.

* Changed temporary buffer filename.

* Added suggestions.

* Apply suggestions from code review

Co-authored-by: Thomas Boerger <thomas@webhippie.de>

* Update docs/content/doc/packages/nuget.en-us.md

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Thomas Boerger <thomas@webhippie.de>
2022-03-30 16:42:47 +08:00
zeripath
97625b44e7
Provide configuration to allow camo-media proxying (#12802)
* Provide configuration to allow camo-media proxying

Fix #916

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-29 10:27:37 +02:00
Pilou
893c8938fc
New cron task: delete old system notices (#19219)
Add a new cron task which deletes the old system notices.
2022-03-28 13:54:59 +01:00
zeripath
acb9fc5f8e
Make cron task no notice on success (#19221)
Change all cron tasks to make them no notice on success default. Instead if a user
wants notices on success they need to add NOTICE_ON_SUCCESS=true instead.

 ## ⚠️ BREAKING ⚠️

This changes the cron config so that notices on success are no longer set by default
and breaks NO_SUCCESS_NOTICE settings. Instead users who want notices on success
must set NOTICE_ON_SUCCESS=true instead.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update custom/conf/app.example.ini

Co-authored-by: Norwin <noerw@users.noreply.github.com>

Co-authored-by: Norwin <noerw@users.noreply.github.com>
2022-03-26 21:13:04 +00:00
zeripath
fda5b9fc3e
Add warning to set SENDMAIL_ARGS to -- (#19102)
Even with #17688 email addresses that contain an initial `-` may still be present in the db and it may in future still be possible to imagine a situation whereby initial `-` are repermitted.

This PR simply updates the documentation to warn users to set their SENDMAIL_ARGS with a terminal `--` to prevent this possibility email addresses being interpreted as options.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-18 15:19:02 +01:00
Gusted
6ab4a96855
Update golang.org/x/crypto (#19097)
* Update golang.org/x/crypto

- Update dependency to include fix for CVE.
- See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer

* Fix deprecation notice

* Remove workaround

- Introduced in https://github.com/go-gitea/gitea/pull/17281
- Fixed in x/crypto:
- 5d542ad81a
- & 3147a52a75

* Update Kex Algorithms

- Use standardized name for curve22519-sha256. 9b076918e3
- Prefer SHA256 version over SHA1 version. e4b3678e5f
2022-03-16 02:59:53 +01:00
Lunny Xiao
b24e8d38af
Support ignore all santize for external renderer (#18984)
* Support ignore all santize for external renderer

* Update docs

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

* Fix doc

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: 6543 <6543@obermui.de>
2022-03-06 16:41:54 +08:00
KN4CK3R
f3cbdee38e
Don't clean up hardcoded tmp (#18983)
* Don't clean up hardcoded `tmp`.

* Fixed import.
2022-03-02 23:50:29 +01:00
silverwind
fa0e2d60c2
Disable service worker by default (#18914)
The service worker causes a lot of issues with JS errors after instance
upgrades while not bringing any real performance gain over regular HTTP
caching.

Disable it by default for this reason. Maybe later we can remove it
completely, as I simply see no benefit in having it.
2022-02-26 18:14:23 +08:00
Gusted
581d29ec1d
Update SSH Server crypto settings (#18697)
- Use a better and more curated list of Ciphers and KeyExchanges, these roughly follows OpenSSH's default.
- Remove some cryptography values which were deprecated.
2022-02-10 17:04:16 +01:00
Cristian Le
60f203385e
Support custom ACME provider (#18340)
* Added ACMECAURL option to support custom ACME provider. Closes #18306
* Refactor setting.go https settings, renamed options and variables, and documented app.example.ini
* Refactored runLetsEncrypt to runACME
* Improved documentation
2022-02-08 13:45:35 +08:00
Clar Fon
99d14f6051
Add separate SSH_USER config option (#17584)
Co-authored-by: zeripath <art27@cantab.net>
2022-02-07 16:56:45 -05:00
wxiaoguang
5bf8d5445e
Refactor Router Logger (#17308)
Make router logger more friendly, show the related function name/file/line.

[BREAKING]
This PR substantially changes the logging format of the router logger. If you use this logging for monitoring e.g. fail2ban you will need to update this to match the new format.
2022-01-20 19:41:25 +08:00
Lunny Xiao
35c3553870
Support webauthn (#17957)
Migrate from U2F to Webauthn

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-14 16:03:31 +01:00
Greg Myers
79791ba4ac
Fix typos in docs/content (#18215) 2022-01-09 19:53:03 +08:00
Gusted
4b3bfd7e89
Enable partial clone by default (#18195)
- Enable partial clones(which are by default disabled from git) by
default, unless configured otherwise.
- Resolves #18190
2022-01-06 06:38:38 +01:00
zeripath
1514e13bb8
Add option to convert CRLF to LF line endings for sendmail (#18075)
It appears that several versions of sendmail require that the mail is sent to them with
LF line endings instead of CRLF endings - which of course they will then convert back
to CRLF line endings to comply with the SMTP standard.

This PR adds another setting SENDMAIL_CONVERT_CRLF which will pass the message writer
through a filter. This will filter out and convert CRLFs to LFs before writing them
out to sendmail.

Fix #18024

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-06 01:43:45 +01:00
Gusted
165346c15c
Add MP4 as default allowed attachment type (#18170) 2022-01-04 04:36:47 +01:00
Rolf Kaiser
4da2eabd7f
doc: clarify INSTALL_LOCK behavior (#17945) 2021-12-26 11:25:42 +08:00
qwerty287
5754080eb9
Fix various typos of software names (#18083)
* `git` -> `Git`
* `Github` and `github` -> `GitHub`
* `crowdin` -> `Crowdin`
* `git-lfs` -> `Git LFS`
* `githooks`, `git hooks`, `git-hooks` -> `Git Hooks`
* `discord` -> `Discord`
* `2fa` -> `2FA`
* `gitlab` and `Gitlab` -> `GitLab`
* `web hook` -> `webhook`
* `linux` -> `Linux`
* `sqlite` -> `SQLite`
* `MYSQL` and `mysql` -> `MySQL`
* rename refs to `master` branch -> `main`
* Fix English grammar
2021-12-24 11:56:57 +08:00
silverwind
cc129d2ca2
Make AvatarRenderedSizeFactor configurable and set it to 3 (#17951)
Save a bit of bandwidth by only requesting 3-times the rendered avatar
size. Factor 4 is only really beneficial on a handful of mobile phones
and I don't think they are the primary device we design for.

Configurability contributed by zeripath.

Fixes: https://github.com/go-gitea/gitea/pull/17422
Fixes: https://github.com/go-gitea/gitea/issues/16287

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-12-16 10:18:38 +08:00
Lunny Xiao
3ca5dc7e32
Move keys to models/asymkey (#17917)
* Move keys to models/keys

* Rename models/keys -> models/asymkey

* change the missed package name

* Fix package alias

* Fix test

* Fix docs

* Fix test

* Fix test

* merge
2021-12-10 16:14:24 +08:00
mscherer
f49d160447
Replace "unix" by "http+unix" for PROTOCOL (#17771) 2021-12-05 23:46:11 -05:00
zeripath
b5a9ee94fd
Make Co-committed-by and co-authored-by trailers optional (#17848)
This PR adds another option to app.ini make co-committed-by and co-authored-by trailers
optional on a per server basis.

Fix #17194

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-29 07:09:55 +00:00
qwerty287
b1df890951
Docs: replace gitea with Gitea (#17838)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-11-28 21:28:30 +08:00
zeripath
72d82c5b6f
Handle relative unix socket paths (#17836)
Make relative unix sockets absolute by making them absolute against the AppWorkPath

Fix #17833

## ⚠️ BREAKING ⚠️ 

Prior to this PR relative unix sockets would have been asserted to be relative to the current working directory that gitea, gitea serv, hook and manager etc were running in. Hooks and Serv would have failed to work properly under this situation so we expect that although this is a technically breaking change the previous situation was already broken.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-27 20:22:03 +00:00
zeripath
188fd2dd1a
Add PULL_LIMIT and PUSH_LIMIT to cron.update_mirror task (#17568) 2021-11-22 22:09:35 -05:00
wxiaoguang
013fb73068
Use hostmatcher to replace matchlist, improve security (#17605)
Use hostmacher to replace matchlist.

And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
2021-11-20 17:34:05 +08:00
zeripath
c96be0cd98
Make SSL cipher suite configurable (#17440) 2021-11-20 01:12:43 -05:00
zeripath
38347aa16f
Add settings to allow different SMTP envelope from address (#17479)
* Add settings to allow different SMTP envelope from address

Sometimes it may be advisable to hide or alias the from address on an SMTP mail
envelope. This PR adds two new options to the mailer to allow setting of an overriding
from address.

Fix #17477

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-19 23:35:20 +08:00
zeripath
3c4724d70e
Add .gitattribute assisted language detection to blame, diff and render (#17590)
Use check attribute code to check the assigned language of a file and send that in to
chroma as a hint for the language of the file.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-17 20:37:00 +00:00
wxiaoguang
d168f0498b
Fix documents for ALLOWED_HOST_LIST, its default value differs between 1.15 and 1.16 (#17530)
* fix documents for ALLOWED_HOST_LIST, its default value differs between 1.15 and 1.16
2021-11-08 11:25:41 +08:00
wxiaoguang
599ff1c054
Only allow webhook to send requests to allowed hosts (#17482) 2021-11-01 16:39:52 +08:00
zeripath
7117c7774a
Make the Mirror Queue a queue (#17326)
Convert the old mirror syncing queue to the more modern queue format.

Fix a bug in the from the repo-archive queue PR - the assumption was made that uniqueness could be enforced with by checking equality in a map in channel unique queues - however this only works for primitive types - which was the initial intention but is an imperfect. This is fixed by marshalling the data and placing the martialled data in the unique map instead.

The documentation is also updated to add information about the deprecated configuration values.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-17 12:43:25 +01:00
techknowlogick
8edda8b446
Add simple update checker to Gitea (#17212)
* Add simple update checker to Gitea

* update struct and remove comments

* fix lint

* Update custom/conf/app.example.ini

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: delvh <dev.lh@web.de>

* Update custom/conf/app.example.ini

Co-authored-by: delvh <dev.lh@web.de>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: delvh <dev.lh@web.de>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: Steven <61625851+justusbunsi@users.noreply.github.com>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

* Update modules/cron/tasks_extended.go

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

* Update custom/conf/app.example.ini

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

* take PR feedback into account and display banner on admin dashboard for alerts

* Add more detailed message

* placate lint

* update per feedback

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Steven <61625851+justusbunsi@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-16 02:14:34 -04:00
zeripath
01b9d35f1a
Disable core.protectNTFS (#17300)
core.protectNTFS protects NTFS from files which may be difficult to remove or interact
with using the win32 api, however, it also appears to prevent such files from
being entered into the git indexes - fundamentally causing breakages with PRs that
affect these files. However, deliberately setting this to false may cause security
issues due to the remain sparse checkout of files in the merge pipeline.

The only sensible option therefore is to provide an optional setting which admins
could set which would forcibly switch this off if they are affected by this issue.

Fix #17092

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-10-13 14:20:11 -04:00
Romain
987152ba40
Add metrics to get issues by repository (#17225) 2021-10-05 20:39:37 +02:00
Romain
fc5ee1edf9
Add metrics to get issues by label (#17201)
* Add metrics to get issues by label

* Add comment on IssueByLabelCount

* Code review - Unify "AS" in SQL (#17201)

* Code review - Remove useless join (#17201)

* Code review - Disable issue_by_label by default in settings (#17201)

* use e

* restore empty line

* update docs

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-10-03 18:46:44 -04:00
techknowlogick
babab0bf5e
Add nodeinfo endpoint for federation purposes (#16953)
Nodeinfo is a way to expose certain metadata about a server for use of discovery regarding functionality of its federation capabilities.

Two endpoints are required:
1. `/.well-known/nodeinfo` which informs client where it can find the location of the location of its metadata (including which version of the schema is used)
2. the endpoint which exposes the metadata in json format according to schema.

Notes:
* `openRegistrations` is a required field, but I propose to set to false as default in case someone writes a crawler to discover "open" gitea instances
* to limit data leakage I also propose to not include the `usage` field (note it is required so it should be included, but left as empty).

More info:
https://github.com/jhass/nodeinfo
https://github.com/jhass/nodeinfo/tree/main/schemas/2.1
http://nodeinfo.diaspora.software/protocol.html
2021-09-28 01:38:06 +02:00
Gwyneth Morgan
4e0cca3f7d
Use light/dark theme based on system preference (#17051)
Add a new default theme `auto`, which will automatically switch between
`gitea` (light) and `arc-green` (dark) themes depending on the user's
operating system settings.

Closes: #8183
2021-09-27 15:47:44 +01:00
Forest Johnson
868e937a53
docs: explain where are settings for release files (#17161)
Just a tiny change to save someone some time while reading the docs. I got lost in the angular code and npm packages trying to reverse engineer it  and figure out what setting controlled this file limit: 

![image](https://user-images.githubusercontent.com/7119703/134829716-8f587878-21a3-413b-ba1e-c2bbe9391ad2.png)

Eventually I tracked it down from

b74a0f9060/options/locale/locale_en-US.ini (L2776)

to

b74a0f9060/templates/repo/upload.tmpl (L11)

to 

b74a0f9060/web_src/js/index.js (L1043) 

to 

b74a0f9060/web_src/js/features/dropzone.js (L3)

to

https://www.npmjs.com/package/dropzone

and then I realized I can't read 😅,  back  to 

b74a0f9060/templates/repo/upload.tmpl (L8)

and quickly solved it from there!! 

b74a0f9060/modules/upload/upload.go (L81)


Yes  I know this long path was 90% me failing to read code properly and going on a red herring journey...  but point is we should not have to do this in the first place to know how to  configure this file upload form 🥺 👉 👈
2021-09-27 14:00:54 +01:00
6543
e14b52ea36
Enable Malayalam, Greek, Persian, Hungarian & Indonesian by default (#16998) 2021-09-09 14:16:42 +08:00
6543
63d7cbcef1
Make mirror feature more configurable (#16957)
Rename`[repository]` `DISABLE_MIRRORS` to `[mirror]` `DISABLE_NEW_PULL`  and add `ENABLED` and `DISABLE_NEW_PUSH` with the below meanings:

- `ENABLED`: **true**: Enables the mirror functionality. Set to **false** to disable all mirrors.
- `DISABLE_NEW_PULL`: **false**: Disable the creation of **new** mirrors. Pre-existing mirrors remain valid.
- `DISABLE_NEW_PUSH`: **false**: Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid.


Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
2021-09-07 17:49:36 +02:00
Lunny Xiao
d985d4bc2f
Paginate releases page & set default page size to 10 (#16857)
* Add release default page and set it to 10

* use limit

Co-authored-by: 6543 <6543@obermui.de>
2021-08-29 18:25:16 +02:00
Lunny Xiao
f9acad82ca
Add proxy settings and support for migration and webhook (#16704)
* Add proxy settings and support for migration and webhook

* Fix default value

* Add newline for example ini

* Add lfs proxy support

* Fix lint

* Follow @zeripath's review

* Fix git clone

* Fix test

* missgin http requests for proxy

* use empty

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2021-08-18 21:10:39 +08:00
zeripath
e0853d4a21
Add API Token Cache (#16547)
One of the issues holding back performance of the API is the problem of hashing.
Whilst banning BASIC authentication with passwords will help, the API Token scheme
still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can
still cause enormous numbers of hash computations.

A slight solution to this whilst we consider moving to using JWT based tokens and/or
a session orientated solution is to simply cache the successful tokens. This has some
security issues but this should be balanced by the security issues of load from
hashing.

Related #14668

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-08-17 14:30:42 -04:00
zeripath
afd88a2418
Allow setting X-FRAME-OPTIONS (#16643)
* Allow setting X-FRAME-OPTIONS

This PR provides a mechanism to set the X-FRAME-OPTIONS header.

Fix #7951

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2021-08-06 16:47:10 -04:00
Clar Fon
80b7889fee
Clarify where server.LFS_CONTENT_PATH was moved to (#16601)
Signed-off-by: ltdk <usr@ltdk.xyz>
2021-08-03 09:03:04 +01:00
zeripath
f135a818f5
Make Mermaid.js limit configurable (#16519)
* Make Mermaid.js limit configurable

Add `MERMAID_MAX_SOURCE_CHARACTERS` to `[markup]` settings
to make the maximum size of a mermaid render configurable.

Fix #16513

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fixup! Make Mermaid.js limit configurable

* Update custom/conf/app.example.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-07-24 00:21:51 -04:00
qwerty287
ab77768fce
Fix typo (#16522) 2021-07-23 15:05:37 +02:00
Antoine Goutenoir
bb7a7c4292
docs: fix various typos and translate to french (#16477)
Co-authored-by: 6543 <6543@obermui.de>
2021-07-18 12:21:32 -04:00
Richard Nienaber
908136c557
add configuration option to restrict users by default (#16256)
* add configuration option to restrict users by default

* default IsRestricted permission only set on sign up

setting this in the model messes with other workflows (e.g. syncing LDAP users) where the IsRestricted permission needs to be explicitly set and not overridden by a config value

* fix formatting

* Apply suggestions from code review

* ensure newly created user is set to restricted

* ensure imports are in the correct order

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-07-15 15:19:48 -04:00
Jimmy Praet
8df3d6575a
Change @every 24h default schedules to @midnight (#16431) 2021-07-15 11:55:48 -04:00
zeripath
2f725cbc9e
Add LRU mem cache implementation (#16226)
The current default memory cache implementation is unbounded in size and number of
objects cached. This is hardly ideal.

This PR proposes creating a TwoQueue LRU cache as the underlying cache for Gitea.
The cache is limited by the number of objects stored in the cache (rather than size)
for simplicity. The default number of objects is 50000 - which is perhaps too small
as most of our objects cached are going to be much less than 1kB.

It may be worth considering using a different LRU implementation that actively limits
sizes or avoids GC - however, this is just a beginning implementation.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-10 23:54:15 +02:00
luzpaz
e0296b6a6d
Fix various documentation, user-facing, and source comment typos (#16367)
* Fix various doc, user-facing, and source comment typos

Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
2021-07-08 13:38:13 +02:00
6543
836884429a
Add forge emojies (#16296)
* codeberg :codeberg:
* gitlab :gitlab:
* git :git:
* github :github:
* gogs :gogs:
2021-07-02 16:04:57 +02:00
zeripath
9979983283
Update Go-Git to take advantage of LargeObjectThreshold (#16316)
Following the merging of https://github.com/go-git/go-git/pull/330 we
can now add a setting to avoid go-git reading and caching large objects.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-06-30 22:58:45 +02:00
6543
653704c102
Add Vultr and DO Marketplace links (#16297)
* fix emoji img path

* move cloudron

* Add Vultr and DO
2021-06-29 15:42:47 -04:00
6543
65548359cc
Add custom emoji support (#16004) 2021-06-29 16:28:38 +02:00
6543
0b27b93728
Make allowed Visiblity modes configurable for Users (#16271)
Now that #16069 is merged, some sites may wish to enforce that users are all public, limited or private, and/or disallow users from becoming private.

This PR adds functionality and settings to constrain a user's ability to change their visibility.

Co-authored-by: zeripath <art27@cantab.net>
2021-06-27 19:47:35 +01:00
Sergey Dryabzhinsky
22a0636544
Add Visible modes function from Organisation to Users too (#16069)
You can limit or hide organisations. This pull make it also posible for users

- new strings to translte
- add checkbox to user profile form
- add checkbox to admin user.edit form
- filter explore page user search
- filter api admin and public user searches
- allow admins view "hidden" users
- add app option DEFAULT_USER_VISIBILITY
- rewrite many files to use Visibility field
- check for teams intersection
- fix context output
- right fake 404 if not visible

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-06-26 20:53:14 +01:00
ayb
9b33d18899
Added support for gopher URLs. (#14749)
* Added support for gopher URLs.

* Add setting and make this user settable instead

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-06-25 18:38:27 -04:00
Lunny Xiao
b223d36195
Rework repository archive (#14723)
* Use storage to store archive files

* Fix backend lint

* Add archiver table on database

* Finish archive download

* Fix test

* Add database migrations

* Add status for archiver

* Fix lint

* Add queue

* Add doctor to check and delete old archives

* Improve archive queue

* Fix tests

* improve archive storage

* Delete repo archives

* Add missing fixture

* fix fixture

* Fix fixture

* Fix test

* Fix archiver cleaning

* Fix bug

* Add docs for repository archive storage

* remove repo-archive configuration

* Fix test

* Fix test

* Fix lint

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-06-23 17:12:38 -04:00
KN4CK3R
c9c7afda1a
Add sanitizer rules per renderer (#16110)
* Added sanitizer rules per renderer.

* Updated documentation.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-06-23 17:09:51 -04:00
KN4CK3R
31f6b95dfa
Use data path instead of config path (#16227) 2021-06-23 16:56:25 +02:00
zeripath
6a083a7234
Update documentation for Implicit TLS (#16220)
As per RFC 8314, it is now recommended to prefer TLS over STARTTLS.

Fix #16160

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-06-21 14:34:37 -04:00
parnic
35742d4af7
Reintroduce squash merge default comment as a config setting (#16134)
* Reinstate most of commit 09304db9a5

* Move the behaviour behind a config setting

* Also fix the initial #12365
2021-06-19 00:08:22 +02:00
KN4CK3R
29695cd6d5
Add asymmetric JWT signing (#16010)
* Added asymmetric token signing.

* Load signing key from settings.

* Added optional kid parameter.

* Updated documentation.

* Add "kid" to token header.
2021-06-17 23:56:46 +02:00
zeripath
ffbf35b7e9
Clean-up the settings hierarchy for issue_indexer queue (#16001)
There are a couple of settings in `[indexer]` relating to the `issue_indexer` queue
which override settings in unpredictable ways. This PR adjusts this hierarchy and makes
explicit that these settings are deprecated.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-06-16 18:19:20 -04:00
zeripath
95352e6bd5
Make command in authorized keys a template (#16003)
Fix #15595
Replaces #15978

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-06-14 21:15:12 -04:00
zeripath
daa5a23548
Set self-adjusting deadline for connection writing (#16068)
* Set self-adjusting deadline for connection writing

In #16055 it appears that the simple 5s deadline doesn't work for large
file writes. Now we can't - or at least shouldn't just set no deadline
as go will happily let these connections block indefinitely. However,
what seems reasonable is to set some minimum rate we expect for writing.

This PR suggests the following algorithm:

* Every write has a minimum timeout of 5s (adjustable at compile time.)
* If there has been a previous write - then consider its previous
deadline, add half of the minimum timeout + 2s per kb about to written.
* If that new deadline is after the minimum timeout use that.

Fix #16055

* Linearly increase timeout

* Make PerWriteTimeout, PerWritePerKbTimeouts configurable

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-06-11 00:25:25 +03:00
Kyle D
a5d8f58341
Update queue workers for v1.15 (#15999)
* Update queue workers for v1.15

* update app.example.ini

* update re queue path

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-05-28 13:33:52 -04:00
a1012112796
fec8324026
add a new internal hook to save ssh log (#15787)
* add a new internal hook to save ssh log

as title, when a ssh error ocure like #15785.
only when switch ``RUN_MODE`` to dev can we
found which error is ocure. But this way is
not a good idea for production envirment.

this changes try save ssh error mesage to the
log file like other log by a new internal hook.
I think it's usefull for find error message
in production envirment. Thanks.

Signed-off-by: a1012112796 <1012112796@qq.com>

* rename and fix nit

* Update modules/private/hook.go

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-21 17:37:16 -04:00
Adam Szatyin
d86d123322
Add mimetype mapping settings (#15133)
* Fix APK's Content-Type header

* Fix case sensitive comparison

* Add custom mime type mapping for downloadable files

* Add documentation for MIME type mapping

* Rename download.mimetype.mapping configuration to repository.mimetype_mapping

Co-authored-by: zeripath <art27@cantab.net>
2021-05-10 16:38:08 -04:00
a1012112796
75d8297045
add note about `cron.SCHEDULE` format in document (#15812)
* add note about ``cron.SCHEDULE`` format in document

Signed-off-by: a1012112796 <1012112796@qq.com>

* Update custom/conf/app.example.ini

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-05-10 12:54:45 -04:00
6543
a229e34387
Allow only internal registration (#15795)
* Add ALLOW_ONLY_INTERNAL_REGISTRATION into settings

* OpenID respect setting too
2021-05-09 16:13:35 +02:00
6543
16034bb613
OAuth2 login: Set account link to "login" as default behavior (#15768) 2021-05-07 16:15:16 +02:00
a1012112796
ae6d7860be
add cron job to delete old actions from database (#15688)
that's a way to save database storage space.

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-05-01 14:17:02 +02:00
yearski
49b28956e2
Docs: fix location for custom/options/license (#15671) 2021-04-30 16:36:28 +02:00
Dong Nguyen
6ea6e2b4eb
Update config-cheat-sheet.en-us.md (#15606)
Add more guide about `PROVIDER_CONFIG` when `PROVIDER` is `db` (https://github.com/go-gitea/gitea/issues/14016)
2021-04-24 16:58:40 +02:00
Kyle D
f44543a1bb
Disable Stars config option (#14653)
* Add config option to disable stars

* Replace "stars" with watched in user profile

* Add documentation
2021-04-15 18:53:57 +02:00
Martin Michaelis
55eb1745bd
OAuth2 auto-register (#5123)
* Refactored handleOAuth2SignIn in routers/user/auth.go

The function handleOAuth2SignIn was called twice but some code path could only
be reached by one of the invocations. Moved the unnecessary code path out of
handleOAuth2SignIn.


* Refactored user creation

There was common code to create a user and display the correct error message.
And after the creation the only user should be an admin and if enabled a
confirmation email should be sent. This common code is now abstracted into
two functions and a helper function to call both.

* Added auto-register for OAuth2 users

If enabled new OAuth2 users will be registered with their OAuth2 details.
The UserID, Name and Email fields from the gothUser are used.
Therefore the OpenID Connect provider needs additional scopes to return
the coresponding claims.

* Added error for missing fields in OAuth2 response

* Linking and auto linking on oauth2 registration

* Set default username source to nickname

* Add automatic oauth2 scopes for github and google

* Add hint to change the openid connect scopes if fields are missing

* Extend info about auto linking security risk

Co-authored-by: Viktor Kuzmin <kvaster@gmail.com>
Signed-off-by: Martin Michaelis <code@mgjm.de>
2021-04-14 14:02:12 +02:00
Lunny Xiao
66f0fd0959
Add NeedPostProcess for Parser interface to improve performance of csv render (#15153) 2021-04-13 15:06:31 +08:00
Kyle D
8d9f191195
Update docs for bad ini syntax in noreply (#15226) 2021-03-31 17:13:46 -04:00
KN4CK3R
0c6137617f
Add Tabular Diff for CSV files (#14661)
Implements request #14320 The rendering of CSV files does match the diff style.

* Moved CSV logic into base package.

* Added method to create a tabular diff.

* Added CSV compare context.

* Added CSV diff template.

* Use new table style in CSV markup.

* Added file size limit for CSV rendering.

* Display CSV parser errors in diff.

* Lazy read single file.

* Lazy read rows for full diff.

* Added unit tests for various CSV changes.
2021-03-29 22:44:28 +02:00
Lauris BH
044cd4d016
Add reverse proxy configuration support for remote IP address (#14959)
* Add reverse proxy configuration support for remote IP address validation

* Trust all IP addresses in containerized environments by default

* Use single option to specify networks and proxy IP addresses. By default trust all loopback IPs

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-03-16 00:27:28 +02:00
zeripath
c8e5c79cfd
Add ui.explore settings to control view of explore pages (2) (#14094)
This is an alternative PR to #13687.

Add `[ui.explore]` settings to allow restricting the
explore pages to logged in users only and to disable the users explore page.

The two proposed settings are:

- `REQUIRE_SIGNIN_VIEW`: Only allows access to the explore pages if the
user is signed in. Also restricts
  - `/api/v1/user/search`
  - `/api/v1/users/{username}`
  - `/api/v1/users/{username}/repos`
  - but does not restrict `/api/v1/users/{username}/heatmap`
- `DISABLE_USERS_PAGE`: Disables the /explore/users page

Fix #2908

Close #13687 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-03-11 13:40:54 +00:00
KN4CK3R
bc423a1e84
Use correct default value (#14949)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-03-11 00:09:30 -05:00
zeripath
c03f530212
Make internal SSH server host key path configurable (#14918)
* Make SSH server host key path configurable

* make it possible to have multiple keys

* Make gitea.rsa the default key

* Add some more logging

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-03-08 03:43:59 +01:00