13955 Commits

Author SHA1 Message Date
5ba23066ff Bump golang.org/x/text (#21412)
- Update the `golang.org/x/text` dependency, this fixes [a security
issue](https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ).
2022-10-11 20:01:07 +01:00
a99074b267 Update gitea.service (#21399)
`LimitMEMLOCK=infinity` is already the default, so removed that

Default soft limit for LimitNOFILE is 1024
Default hard limit for LimitNOFILE is 524288

`LimitNOFILE=65535` increases the soft limit, but decreases the hard
limit

References:
* https://www.freedesktop.org/software/systemd/man/systemd.exec.html
*
https://blog.skbali.com/2019/09/set-ulimits-for-a-script-started-using-systemd/

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-10-11 12:26:32 -04:00
4a23212102 Do DB update after merge in hammer context (#21401)
When merge was changed to run in the background context, the db updates
were still running in request context. This means that the merge could
be successful but the db not be updated.

This PR changes both these to run in the hammer context, this is not
complete rollback protection but it's much better.

Fix #21332

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-11 12:26:22 -04:00
5aceedc7fd add gitpod config (#20995)
Add a config for <https://www.gitpod.io/>. This allows users to easily
run an online IDE pre-configured to develop and test Gitea by opening
<https://gitpod.io/#https://github.com/go-gitea/gitea>.

[![Open in
Gitpod](https://gitpod.io/button/open-in-gitpod.svg)](https://gitpod.io/#https://github.com/go-gitea/gitea)

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-10-11 12:15:14 -04:00
9b7675d0cf Remove cancel button in repo creation page (#21381) 2022-10-11 22:47:35 +08:00
ea3c6c6d7b Improve clarity for camo proxy parameters (#21386)
Updates the Config Cheat Sheet for the `ALLWAYS` option in Camo proxy.

- Clarifies the behavior for true (both HTTP and HTTPS is proxied) vs
false (only HTTP is proxied)
- Minor grammar and typo improvements

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-11 21:12:44 +08:00
8752d89be7 Redirect to new repository owner (#21398)
Fixes #17655

If you rename `user1` to `user2` and visit `/user1` you get redirected
to `/user2`. But if you visit `/user1/repo` you just get a 404 error.
With this PR the user is redirected to `/user2/repo`.
2022-10-11 19:54:44 +08:00
2d4c6321c3 Use ISO date format instead of hard-coded English date format for date range in repo activity page (#21396)
January 2, 2006 -> 2006-01-02

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2022-10-11 18:48:17 +08:00
1428877c37 log real ip of requests from ssh (#21216)
Partially fix #21213.

This PR will get client IP address from SSH_CONNECTION env which should
be the first field of that. And deliver it to the internal API so Gitea
routers could record the real IP from SSH requests.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2022-10-11 16:57:37 +08:00
c540ee08d3 Add Num{Issues,Pulls} stats checks (#21404)
- Currently `repository.Num{Issues,Pulls}` weren't checked and could
become out-of-consistency. Adds these two checks to `CheckRepoStats`.
- Fix incorrect SQL query for `repository.NumClosedPulls`, the check
should be for `repo_num_pulls`.
- Reference: https://codeberg.org/Codeberg/Community/issues/696
2022-10-11 07:41:39 +01:00
b59b0cad0a Add user/organization code search (#19977)
Fixes #19925 

Screenshots:

![attels](https://user-images.githubusercontent.com/165205/173864718-fe789429-55bc-4cad-808c-9f02f335cddf.png)
2022-10-11 00:12:03 +01:00
3ccebf7f40 Stop logging CheckPath returns error: context canceled (#21064)
We should only log CheckPath errors if they are not simply due to
context cancellation - and we should add a little more context to the
error message.

Fix #20709

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-10 21:54:30 +01:00
94037ada24 Hook go-licenses into tidy again (#21353)
Running it as part of the build is really unnecessary because we have a
valid output file in the repo and assuming go dependencies do not change
unless go.mod also changes, tidy really is the best target to run the
license generation after.

Also, regenerate the file as I missed to do so during the chroma update,
and mark all json files in assets as generated.
2022-10-10 20:45:02 +02:00
083ac164dc Fix missing left and right carets in TRANSLATORS (#21397) 2022-10-10 10:36:37 -04:00
23b6827151 Fix calls to i18n in templates (#21394)
Although the `.i18n` has been refactored to `.locale`, some PRs using
`.i18n` were still merged.

* #20219
* #21246

This PR fixes the calls to `.i18n`.

At the moment, `{{.nosuch.nosuch "..."}}` won't cause template error so
these mistakes don't cause 500 and haven't been found.
2022-10-10 15:05:32 +01:00
7044d34ae5 Update JS dependencies and eslint config (#21388)
- Update all JS dependencies and playwright image
- Add new eslint rules, enable a few more, fix issues
- Regenerate SVGs
- Tested Vue and Swagger

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-10 20:02:20 +08:00
a813c9d8f3 Allow creation of OAuth2 applications for orgs (#18084)
Adds the settings pages to create OAuth2 apps also to the org settings
and allows to create apps for orgs.

Refactoring: the oauth2 related templates are shared for
instance-wide/org/user, and the backend code uses `OAuth2CommonHandlers`
to share code for instance-wide/org/user.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-09 20:07:41 +08:00
97f3f1988b Fix typos in PullRequestMergeForm.vue header comment (#21378)
Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2022-10-09 15:17:01 +08:00
768e16dad1 Use weighted algorithm for string matching when finding files in repo (#21370)
This PR is for:
* https://github.com/go-gitea/gitea/issues/20231

Now, when a user searches `word`, they always see `/{word}.txt` before
`/{w}e-g{o}t-{r}esult.{d}at`

Demo:

When searching "a", "a.ext" comes first. 

Then when searching "at", the longer matched "template" comes first.

<details>


![image](https://user-images.githubusercontent.com/2114189/194588738-3644d891-956f-40e4-b79b-b97d34265456.png)


![image](https://user-images.githubusercontent.com/2114189/194588797-9b124670-4e1e-4510-a170-780295ed89b8.png)

</details>

This PR also makes the frontend tests could import feature JS files by
introducing `jestSetup.js`

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: silverwind <me@silverwind.io>
2022-10-08 12:22:44 +01:00
7bb12d7efa Bump playwright to 1.26.1 (#21357) 2022-10-08 16:54:34 +08:00
bbbf9a4b93 npm package registry support for bin (#21372)
Fix #21303

npm package.json supports binary packaging:
https://docs.npmjs.com/cli/v8/configuring-npm/package-json#bin

the npm registry documents that the binary references will be attached
to the abbreviated version object:

https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-object

unfortunately their api documentation leaves this out:
https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-objectdoc

which is likely to be the reason this was left out in gitea's initial
implementation

this response is critical for npm to install the binary in the `.bin`
folder so as to be included on the users default bin path, resulting in
immediate access to any binaries provided by the package
2022-10-08 13:24:44 +08:00
6c53cf852f Removed one extra whitespace in footer after "Template" (#21364) 2022-10-08 11:53:42 +08:00
f0aed8205b Fix formatted link for PR review notifications to matrix (#21319)
The PR review notifications HTML was written as markdown due to not
using `MatrixLinkFormatter`.
2022-10-07 22:06:34 +01:00
223556073c Show private data in feeds (#21369)
Show private data in feeds for admins and matching users.
2022-10-07 22:06:04 +01:00
7d2545d183 Add nicer error handling on template compile errors (#21350)
There are repeated issues reported whereby users are unable to interpret
the template errors. This PR adds some (somewhat complex) error handling
to the panic recovery for template renderering but hopefully makes the
interpretation of the error easier.

Reference #21344

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-07 22:02:24 +01:00
rj1
56aabf3e8d Fix some typos and update db transaction demo in backend guideline (#21322)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-08 02:12:19 +08:00
c08e42c47e Refactor parseTreeEntries, speed up tree list (#21368)
Close #20315 (fix the panic when parsing invalid input), Speed up #20231 (use ls-tree without size field)

Introduce ListEntriesRecursiveFast (ls-tree without size) and ListEntriesRecursiveWithSize (ls-tree with size)
2022-10-08 01:20:53 +08:00
69fc510d6d Add GET and DELETE endpoints for Docker blob uploads (#21367)
This PR adds support for
https://docs.docker.com/registry/spec/api/#get-blob-upload
https://docs.docker.com/registry/spec/api/#delete-blob-upload

Both are not required by the OCI spec but some clients call these
endpoints.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-07 23:30:59 +08:00
d94f15c2fd Make external issue tracker regexp configurable via API (#21338)
Fixes #21336 

Signed-off-by: Andrew Imeson <andrew@andrewimeson.com>
2022-10-07 20:49:30 +08:00
81d7270cde Add new CSS variables --color-accent and --color-small-accent (#21305)
At the moment, this is only used to replace the color of the `viewed`
checkbox and of the `has changed` label.
Previously, the used variable accentuated always either darker or
lighter, which meant that one theme looked good while the other didn't.

Co-authored-by: silverwind <me@silverwind.io>
2022-10-07 17:48:03 +08:00
30ca91666e Set SemverCompatible to false for Conan packages (#21275)
Fixes #21250
Related #20414

Conan packages don't have to follow SemVer.
The migration fixes the setting for all existing Conan and Generic
(#20414) packages.
2022-10-07 12:22:05 +08:00
34f509eb7a Parse OAuth Authorization header when request omits client secret (#21351)
This fixes error "unauthorized_client: invalid client secret" when
client includes secret in Authorization header rather than request body.
OAuth spec permits both.

Sanity validation that client id and client secret in request are
consistent with Authorization header.

Improve error descriptions. Error codes remain the same.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-10-07 10:53:49 +08:00
f09f73d784 Disable Firefox E2E tests (#21363)
Make CI green again, until we figure out
https://github.com/go-gitea/gitea/issues/21355.
2022-10-06 21:55:26 +01:00
d7f0d8d8ea Add redirect of /upgrade/ to /upgrade-from-gitea/ on docs site (#21330)
Since adding an aliases block doesn't seem to work locally for me (I
suspect because a page actually exists and Hugo is granting preference
to existing pages over aliases), I also added entries to
static/_redirects file so Netlify will handle the redirects

Fixes #7208
2022-10-06 21:53:02 +01:00
f1f911df41 Update to go-enry v2.8.3 (#21360)
This fixes an issue with enry's isVendor() method being too greedy. This
lead to gitea classifying unvendored code as vendored. The impact of
this is fairly minimal, but our Gitea users did notice which led me to
fixing this in go-enry. Some files will be tagged with a vendored flag
in the UI. I think it also impacts the calculation of language
statistics in the repo as vendored files are not incorporated into the
stats.

For more information on the issue see the go-enry bug:
  https://github.com/go-enry/go-enry/issues/135
2022-10-06 21:51:38 +01:00
64073276c4 Update go to 1.19 (#21361)
It appears that updating go to 1.19 for playwright was missed when we
updated to go 1.19 elsewhere.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-06 21:51:18 +01:00
2d3b52c244 SessionUser protection against nil pointer dereference (#21358)
`SessionUser` should be protected against passing `sess` = `nil` to
avoid

```
PANIC: runtime error: invalid memory address or nil pointer dereference
```

in


https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69

after upgrade from gitea v1.16 to v1.17.

Related: https://github.com/go-gitea/gitea/pull/18452
Author-Change-Id: IB#1126459
2022-10-06 21:50:38 +01:00
b001812df4 Fix and improve incorrect error messages (#21342)
L
2022-10-06 07:00:54 +01:00
1294f6c511 Fix default theme-auto selector when nologin (#21346)
the bug is theme selector is `theme-` when not login to Gitea

![theme-auto](https://user-images.githubusercontent.com/76462613/194099390-0ff6854a-1eb9-4dba-bb28-fd238f2225f8.png)

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-06 11:52:43 +08:00
fd2d5f06b0 Add stat to ToCommit function for speed (#21337)
Calls to ToCommit are very slow due to fetching diffs, analyzing files.
This patch lets us supply `stat` as false to speed fetching a commit
when we don't need the diff.

/v1/repo/commits has a default `stat` set as true now. Set to false to
experience fetching thousands of commits per second instead of 2-5 per
second.
2022-10-06 11:21:04 +08:00
8765f139c7 Fix typo in API comment document (#21347)
Close #21307

After the fix:

![image](https://user-images.githubusercontent.com/2114189/194120843-52566b84-6e29-4f91-859a-eb5839c68c54.png)
2022-10-05 21:26:34 +01:00
abd59cd5cd Update comment about repository.DISABLED_REPO_UNITS in app.example.ini (#21343)
Add allowed values: `repo.projects`
2022-10-05 20:38:30 +01:00
f693863a4f Remove extra space from title element (#21345)
Removes a spurious additional space in the head template. 

![](https://user-images.githubusercontent.com/76462613/194077336-1e757242-6f92-4238-8856-746b2e9a1a2c.png)
2022-10-05 20:24:21 +01:00
93df41f506 Fix slight bug in katex (#21171)
There is a small bug in #20571 whereby `$a a$b b$` will not be correctly
detected as a math inline block of `a a$b b`. This PR fixes this.

Also reenable test cases as per #21340 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-05 19:55:36 +01:00
2d2cf589f7 Fix linked account translation (#21331)
fix key used for translation
2022-10-04 07:51:07 -05:00
274523baf4 [skip ci] Updated translations via Crowdin 2022-10-04 00:20:52 +00:00
a08b484549 Tag list should include draft releases with existing tags (#21263)
Before, a tag for a draft release disappeared in the tag list, fix #21262.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-03 20:05:53 +08:00
af849ac009 [skip ci] Updated translations via Crowdin 2022-10-03 00:20:54 +00:00
9e2f37404c Foreign ID conflicts if ID is 0 for each item (#21271)
The default is 0 if not defined, and that causes dupe index errors

Co-authored-by: 6543 <6543@obermui.de>
2022-10-02 17:43:16 -04:00
f82f1d05b1 Make app.ini read-only message more prominent (#21315) 2022-10-02 04:12:59 -04:00