Commit Graph

4051 Commits

Author SHA1 Message Date
Zettat123
136dd99e86
Skip email domain check when admins edit user emails (#29609)
Follow #29522

Administrators should be able to set a user's email address even if the
email address is not in `EMAIL_DOMAIN_ALLOWLIST`
2024-03-05 16:51:56 +00:00
Zettat123
4fd9c56ed0
Skip email domain check when admin users adds user manually (#29522)
Fix #27457

Administrators should be able to manually create any user even if the
user's email address is not in `EMAIL_DOMAIN_ALLOWLIST`.
2024-03-05 05:55:47 +00:00
Denys Konovalov
1f0625a277
Fix projects mode bugs (#29593)
Fix for regressions introduced by #28805 

Enabled projects on repos created before the PR weren't detected. Also,
the way projects mode was detected in settings didn't match the way it
was detected on permission check, which leads to confusion.

Co-authored-by: Giteabot <teabot@gitea.io>
2024-03-04 20:49:21 +00:00
Lunny Xiao
e2277d07ca
Move some asymkey functions to service layer (#28894)
After the moving, all models will not depend on `util.Rename` so that I
can do next step refactoring.
2024-03-04 08:57:39 +00:00
KN4CK3R
c337ff0ec7
Add user blocking (#29028)
Fixes #17453

This PR adds the abbility to block a user from a personal account or
organization to restrict how the blocked user can interact with the
blocker. The docs explain what's the consequence of blocking a user.

Screenshots:


![grafik](https://github.com/go-gitea/gitea/assets/1666336/4ed884f3-e06a-4862-afd3-3b8aa2488dc6)


![grafik](https://github.com/go-gitea/gitea/assets/1666336/ae6d4981-f252-4f50-a429-04f0f9f1cdf1)


![grafik](https://github.com/go-gitea/gitea/assets/1666336/ca153599-5b0f-4b4a-90fe-18bdfd6f0b6b)

---------

Co-authored-by: Lauris BH <lauris@nix.lv>
2024-03-04 08:16:03 +00:00
Denys Konovalov
fe6792dff3
Enable/disable owner and repo projects independently (#28805)
Part of #23318 

Add menu in repo settings to allow for repo admin to decide not just if
projects are enabled or disabled per repo, but also which kind of
projects (repo-level/owner-level) are enabled. If repo projects
disabled, don't show the projects tab.


![grafik](https://github.com/go-gitea/gitea/assets/47871822/b9b43fb4-824b-47f9-b8e2-12004313647c)

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-03-04 02:56:52 +00:00
wxiaoguang
bf6502a8f7
Fix incorrect relative/absolute URL usages (#29531)
Add two "HTMLURL" methods for PackageDescriptor. 
And rename "FullWebLink" to "VersionWebLink"
2024-03-02 17:38:38 +00:00
6543
a3f05d0d98
remove util.OptionalBool and related functions (#29513)
and migrate affected code

_last refactoring bits to replace **util.OptionalBool** with
**optional.Option[bool]**_
2024-03-02 16:42:31 +01:00
wxiaoguang
3f081d4b54
Rename Action.GetDisplayName to GetActDisplayName (#29540)
To avoid conflicting with User.GetDisplayName, because there is no data
type in template.

And it matches other methods like GetActFullName / GetActUserName
2024-03-02 15:30:18 +00:00
ChristopherHX
a53d268aca
Actions Artifacts v4 backend (#28965)
Fixes #28853 

Needs both https://gitea.com/gitea/act_runner/pulls/473 and
https://gitea.com/gitea/act_runner/pulls/471 on the runner side and
patched `actions/upload-artifact@v4` / `actions/download-artifact@v4`,
like `christopherhx/gitea-upload-artifact@v4` and
`christopherhx/gitea-download-artifact@v4`, to not return errors due to
GHES not beeing supported yet.
2024-03-02 09:12:17 +00:00
wxiaoguang
4b8293aa09
Fix issue & comment history bugs (#29525)
* Follow #17746: `HasIssueContentHistory` should use expr builder to
make sure zero value (0) be respected.
* Add "doer" check to make sure `canSoftDeleteContentHistory` only be
called by sign-in users.
2024-03-01 16:46:02 +00:00
techknowlogick
cb52b17f92
Add admin API route for managing user's badges (#23106)
Fix #22785

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-01 03:23:28 -05:00
wxiaoguang
e71eb8930a
Refactor some Str2html code (#29397)
This PR touches the most interesting part of the "template refactoring".

1. Unclear variable type. Especially for "web/feed/convert.go":
sometimes it uses text, sometimes it uses HTML.
2. Assign text content to "RenderedContent" field, for example: `
project.RenderedContent = project.Description` in web/org/projects.go
3. Assign rendered content to text field, for example: `r.Note =
rendered content` in web/repo/release.go
4. (possible) Incorrectly calling `{{Str2html
.PackageDescriptor.Metadata.ReleaseNotes}}` in
package/content/nuget.tmpl, I guess the name Str2html misleads
developers to use it to "render string to html", but it only sanitizes.
if ReleaseNotes really contains HTML, then this is not a problem.
2024-03-01 07:11:51 +00:00
6543
f6656181e4
migrate some more "OptionalBool" to "Option[bool]" (#29479)
just some refactoring bits towards replacing **util.OptionalBool** with
**optional.Option[bool]**

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-02-29 18:52:49 +00:00
6543
274c0aea2e
Let ctx.FormOptionalBool() return optional.Option[bool] (#29461)
just some refactoring bits towards replacing **util.OptionalBool** with
**optional.Option[bool]**
2024-02-28 13:39:12 +08:00
Nanguan Lin
db545b208b
Implement actions badge svgs (#28102)
replace #27187 
close #23688
The badge has two parts: label(workflow name) and message(action
status). 5 colors are provided with 7 statuses.
Color mapping:
```go
var statusColorMap = map[actions_model.Status]string{
	actions_model.StatusSuccess:   "#4c1",    // Green
	actions_model.StatusSkipped:   "#dfb317", // Yellow
	actions_model.StatusUnknown:   "#97ca00", // Light Green
	actions_model.StatusFailure:   "#e05d44", // Red
	actions_model.StatusCancelled: "#fe7d37", // Orange
	actions_model.StatusWaiting:   "#dfb317", // Yellow
	actions_model.StatusRunning:   "#dfb317", // Yellow
	actions_model.StatusBlocked:   "#dfb317", // Yellow
}
```
preview:

![1](https://github.com/go-gitea/gitea/assets/70063547/5465cbaf-23cd-4437-9848-2738c3cb8985)

![2](https://github.com/go-gitea/gitea/assets/70063547/ec393d26-c6e6-4d38-b72c-51f2494c5e71)

![3](https://github.com/go-gitea/gitea/assets/70063547/3edb4fdf-1b08-4a02-ab2a-6bdd7f532fb2)

![4](https://github.com/go-gitea/gitea/assets/70063547/8c189de2-2169-4251-b115-0e39a52f3df8)

![5](https://github.com/go-gitea/gitea/assets/70063547/3fe22c73-c2d7-4fec-9ea4-c501a1e4e3bd)

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Co-authored-by: delvh <dev.lh@web.de>
2024-02-27 18:56:18 +01:00
wxiaoguang
6bdfc84e6c
Allow to change primary email before account activation (#29412) 2024-02-27 10:55:13 +00:00
wxiaoguang
eedb8f4129
Only use supported sort order for "explore/users" page (#29430)
Thanks to inferenceus : some sort orders on the "explore/users" page
could list users by their lastlogintime/updatetime.

It leaks user's activity unintentionally. This PR makes that page only
use "supported" sort orders.

Removing the "sort orders" could also be a good solution, while IMO at
the moment keeping the "create time" and "name" orders is also fine, in
case some users would like to find a target user in the search result,
the "sort order" might help.

![image](https://github.com/go-gitea/gitea/assets/2114189/ce5c39c1-1e86-484a-80c3-33cac6419af8)
2024-02-27 17:10:51 +08:00
qwerty287
65952417a8
Add API to get PR by base/head (#29242)
Closes https://github.com/go-gitea/gitea/issues/16289

Add a new API `/repos/{owner}/{repo}/pulls/{base}/{head}` to get a PR by
its base and head branch.
2024-02-26 02:39:01 +00:00
KN4CK3R
f79c9e817a
Use crypto/sha256 (#29386)
Go 1.21 improved the performance of `crypto/sha256`. It's now similar to
`minio/sha256-simd`, so we should just use the standard libs.

https://go.dev/doc/go1.21#crypto/sha256
https://go-review.googlesource.com/c/go/+/408795
https://github.com/multiformats/go-multihash/pull/173
2024-02-25 13:32:13 +00:00
Jimmy Praet
2e33671f2c
Add attachment support for code review comments (#29220)
Fixes #27960, #24411, #12183

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-25 06:00:55 +00:00
Lunny Xiao
98ab9445d1
Users with read permission of pull requests can be assigned too (#27263)
This PR will also keep the consistent between list assigned users and
check assigned users.
2024-02-24 14:14:48 +00:00
Zettat123
c42083a339
Allow non-admin users to delete review requests (#29057)
Fix #14459

The following users can add/remove review requests of a PR
- the poster of the PR
- the owner or collaborators of the repository
- members with read permission on the pull requests unit
2024-02-24 12:38:43 +00:00
qwerty287
0a426cc575
Add API to get merged PR of a commit (#29243)
Adds a new API `/repos/{owner}/{repo}/commits/{sha}/pull` that allows
you to get the merged PR associated to a commit.

---------

Co-authored-by: 6543 <6543@obermui.de>
2024-02-24 08:18:39 +00:00
6543
4ba642d07d
Revert "Support SAML authentication (#25165)" (#29358)
This reverts #25165 (5bb8d1924d), as there
was a chance some important reviews got missed.

so after reverting this patch it will be resubmitted for reviewing again

https://github.com/go-gitea/gitea/pull/25165#issuecomment-1960670242

temporary Open #5512 again
2024-02-24 12:18:49 +08:00
6543
7fbdb60fc1
Start to migrate from util.OptionalBool to optional.Option[bool] (#29329)
just create transition helper and migrate two structs
2024-02-23 02:18:33 +00:00
Earl Warren
b748d62b46
Add slow SQL query warning (#27545)
- Databases are one of the most important parts of Forgejo, every
interaction uses the database in one way or another. Therefore, it is
important to maintain the database and recognize when the server is not
doing well with the database. There already is the option to log *every*
SQL query along with its execution time, but monitoring becomes
impractical for larger instances and takes up unnecessary storage in the
logs.
- Add a QoL enhancement that allows instance administrators to specify a
threshold value beyond which query execution time is logged as a warning
in the xorm logger. The default value is a conservative five seconds to
avoid this becoming a source of spam in the logs.
- The use case for this patch is that with an instance the size of
Codeberg, monitoring SQL logs is not very fruitful and most of them are
uninteresting. Recently, in the context of persistent deadlock issues
(https://codeberg.org/forgejo/forgejo/issues/220), I have noticed that
certain queries hold locks on tables like comment and issue for several
seconds. This patch helps to identify which queries these are and when
they happen.
- Added unit test.

(cherry picked from commit 9cf501f1af4cd870221cef6af489618785b71186)

---------

Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Giteabot <teabot@gitea.io>
Co-authored-by: 6543 <6543@obermui.de>
2024-02-23 00:57:24 +00:00
techknowlogick
5bb8d1924d
Support SAML authentication (#25165)
Closes https://github.com/go-gitea/gitea/issues/5512

This PR adds basic SAML support
- Adds SAML 2.0 as an auth source
- Adds SAML configuration documentation
- Adds integration test:
- Use bare-bones SAML IdP to test protocol flow and test account is
linked successfully (only runs on Postgres by default)
- Adds documentation for configuring and running SAML integration test
locally

Future PRs:
- Support group mapping
- Support auto-registration (account linking)

Co-Authored-By: @jackHay22

---------

Co-authored-by: jackHay22 <jack@allspice.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: morphelinho <morphelinho@users.noreply.github.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
2024-02-23 00:08:17 +00:00
6543
217d71c48a
Workaround to clean up old reviews on creating a new one (#28554)
close  #28542

blocks  #28544

---
*Sponsored by Kithara Software GmbH*
2024-02-19 14:42:18 +01:00
FuXiaoHei
67adc5c1dc
Artifact deletion in actions ui (#27172)
Add deletion link in runs view page.
Fix #26315


![image](https://github.com/go-gitea/gitea/assets/2142787/aa65a4ab-f434-4deb-b953-21e63c212033)

When click deletion button. It marks this artifact `need-delete`.

This artifact would be deleted when actions cleanup cron task.
2024-02-18 10:33:50 +00:00
yp05327
8e2831611c
Fix gitea-action user avatar broken on edited menu (#29190)
Fix #29178
2024-02-16 09:50:20 +00:00
wxiaoguang
f3eb835886
Refactor locale&string&template related code (#29165)
Clarify when "string" should be used (and be escaped), and when
"template.HTML" should be used (no need to escape)

And help PRs like  #29059 , to render the error messages correctly.
2024-02-14 21:48:45 +00:00
techknowlogick
a346a8c852
bump to use go 1.22 (#29119) 2024-02-14 18:19:57 +00:00
KN4CK3R
155269fa58
Remove unused KeyID. (#29167)
`KeyID` is never set.
2024-02-14 12:50:10 -05:00
KN4CK3R
37061e8266
Use ghost user if user was not found (#29161)
Fixes #29159
2024-02-14 17:31:51 +01:00
6543
6fad2c8744
Dont load Review if Comment is CommentTypeReviewRequest (#28551)
RequestReview get deleted on review.
So we don't have to try to load them on comments.

broken out #28544
2024-02-13 09:45:31 +01:00
Chris Copeland
47b5965862
Add merge style fast-forward-only (#28954)
With this option, it is possible to require a linear commit history with
the following benefits over the next best option `Rebase+fast-forward`:
The original commits continue existing, with the original signatures
continuing to stay valid instead of being rewritten, there is no merge
commit, and reverting commits becomes easier.

Closes #24906
2024-02-12 23:37:23 +01:00
Gwyneth Morgan
5b2fd0fc19
Drop "@" from email sender to avoid spam filters (#29109)
Commit 360b3fd17c (Include username in email headers (#28981),
2024-02-03) adds usernames to the From field of notification emails in
the form of `Display Name (@username)`, to prevent spoofing. However,
some email filtering software flags "@" in the display name part of the
From field as potential spoofing, as you could set the display name part
to another email address than the one you are sending from (e.g.
`From: "apparent@email-address" <actual@email-address>`). To avoid
being flagged, instead send emails from `Display Name (username)`.

Closes: #29107

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-02-10 04:40:48 +01:00
Lunny Xiao
8c6ffdac37
Remove unnecessary parameter (#29092)
The parameter extraConfigs has never been used anywhere. This PR just
removed it. It can be taken back once it's needed.
2024-02-08 12:31:38 +00:00
Lunny Xiao
9bb1adf8ea
Move some repository transfer functions to service layer (#28855) 2024-02-05 06:17:23 +00:00
KN4CK3R
688d4a1f71
Unify password changing and invalidate auth tokens (#27625)
- Unify the password changing code
- Invalidate existing auth tokens when changing passwords
2024-02-04 14:05:26 +00:00
KN4CK3R
f8b471ace1
Unify user update methods (#28733)
Fixes #28660
Fixes an admin api bug related to `user.LoginSource`
Fixed `/user/emails` response not identical to GitHub api

This PR unifies the user update methods. The goal is to keep the logic
only at one place (having audit logs in mind). For example, do the
password checks only in one method not everywhere a password is updated.

After that PR is merged, the user creation should be next.
2024-02-04 13:29:09 +00:00
Gwyneth Morgan
360b3fd17c
Include username in email headers (#28981)
Emails from Gitea comments do not contain the username of the commenter
anywhere, only their display name, so it is not possible to verify who
made a comment from the email itself:

	From: "Alice" <email@gitea>
	X-Gitea-Sender: Alice
	X-Gitea-Recipient: Bob
	X-GitHub-Sender: Alice
	X-GitHub-Recipient: Bob

	This comment looks like it's from @alice.

The X-Gitea/X-GitHub headers also use display names, which is not very
reliable for filtering, and inconsistent with GitHub's behavior:

	X-GitHub-Sender: lunny
	X-GitHub-Recipient: gwymor

This change includes both the display name and username in the From
header, and switches the other headers from display name to username:

	From: "Alice (@fakealice)" <email@gitea>
	X-Gitea-Sender: fakealice
	X-Gitea-Recipient: bob
	X-GitHub-Sender: fakealice
	X-GitHub-Recipient: bob

	This comment looks like it's from @alice.
2024-02-03 00:41:27 +00:00
silverwind
a6cea59514
Update tool dependencies (#29030) 2024-02-02 19:11:39 -05:00
Lunny Xiao
3a66762130
Revert "Speed up loading the dashboard on mysql/mariadb (#28546)" (#29006)
This reverts commit fa8c3beb26. #28546 
Because it seems performance become worse.
2024-02-01 14:25:37 +08:00
KN4CK3R
27d4c11ec3
Fix joins in db.Find(AndCount) (#28978) 2024-01-30 02:37:24 +00:00
Lunny Xiao
5f82ead13c
Simplify how git repositories are opened (#28937)
## Purpose
This is a refactor toward building an abstraction over managing git
repositories.
Afterwards, it does not matter anymore if they are stored on the local
disk or somewhere remote.

## What this PR changes
We used `git.OpenRepository` everywhere previously.
Now, we should split them into two distinct functions:

Firstly, there are temporary repositories which do not change:

```go
git.OpenRepository(ctx, diskPath)
```

Gitea managed repositories having a record in the database in the
`repository` table are moved into the new package `gitrepo`:

```go
gitrepo.OpenRepository(ctx, repo_model.Repo)
```

Why is `repo_model.Repository` the second parameter instead of file
path?
Because then we can easily adapt our repository storage strategy.
The repositories can be stored locally, however, they could just as well
be stored on a remote server.

## Further changes in other PRs
- A Git Command wrapper on package `gitrepo` could be created. i.e.
`NewCommand(ctx, repo_model.Repository, commands...)`. `git.RunOpts{Dir:
repo.RepoPath()}`, the directory should be empty before invoking this
method and it can be filled in the function only. #28940
- Remove the `RepoPath()`/`WikiPath()` functions to reduce the
possibility of mistakes.

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-27 21:09:51 +01:00
wackbyte
a240d5dfa7
Fix non-alphabetic sorting of repo topics (#28938) 2024-01-26 14:15:57 +00:00
JakobDev
f3ba3e922d
Don't run push mirrors for archived repos (#27140)
Fixes https://codeberg.org/forgejo/forgejo/issues/612

At the moment push mirrors are still run if a repo is archived. This PR
fixes this.
2024-01-24 02:32:57 +00:00
Adam Majer
d68a613ba8
Add support for sha256 repositories (#23894)
Currently only SHA1 repositories are supported by Gitea. This adds
support for alternate SHA256 with the additional aim of easier support
for additional hash types in the future.

Fixes: #13794
Limited by: https://github.com/go-git/go-git/issues/899
Depend on: #28138

<img width="776" alt="图片" src="https://github.com/go-gitea/gitea/assets/81045/5448c9a7-608e-4341-a149-5dd0069c9447">

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2024-01-19 17:05:02 +01:00
yp05327
07ba4d9f87
Fix incorrect action duration time when rerun the job before executed once (#28364)
Fix #28323
Reason was mentioned here:
https://github.com/go-gitea/gitea/issues/28323#issuecomment-1841867298

### Changes: (maybe breaking)
We can rerun jobs in Gitea, so there will be some problems in
calculating duration time.
In this PR, I use the exist `Started` and `Stopped` column to record the
last run time instead of the total time,
and add a new `PreviousDuration` column to record the previous duration
time.
You can also check the cost time of last run:

![image](https://github.com/go-gitea/gitea/assets/18380374/2ca39145-2c92-401a-b78b-43164f7ae061)
2024-01-19 14:05:49 +00:00
KN4CK3R
461d8b53c2
Fix some RPM registry flaws (#28782)
Related #26984
(https://github.com/go-gitea/gitea/pull/26984#issuecomment-1889588912)

Fix admin cleanup message.
Fix models `Get` not respecting default values.
Rebuild RPM repository files after cleanup.
Do not add RPM group to package version name.
Force stable sorting of Alpine/Debian/RPM repository data.
Fix missing deferred `Close`.
Add tests for multiple RPM groups.
Removed non-cached `ReplaceAllStringRegex`.

If there are multiple groups available, it's stated in the package
installation screen:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/8f132760-882c-4ab8-9678-77e47dfc4415)
2024-01-19 11:37:10 +00:00
Lunny Xiao
eba9c0ce48
Add testing for CalcCommitStatus (#28823) 2024-01-17 13:27:59 +00:00
Lunny Xiao
2bdab948cb
Add missing migration (#28827)
Missed from #28498
2024-01-17 17:26:45 +08:00
Mihir Joshi
b8270240bf
Fix reverting a merge commit failing (#28794)
Fixes #22236

---
Error occurring currently while trying to revert commit using read-tree
-m approach:
> 2022/12/26 16:04:43 ...rvices/pull/patch.go:240:AttemptThreeWayMerge()
[E] [63a9c61a] Unable to run read-tree -m! Error: exit status 128 -
fatal: this operation must be run in a work tree
> 	 - fatal: this operation must be run in a work tree

We need to clone a non-bare repository for `git read-tree -m` to work.

bb371aee6e
adds support to create a non-bare cloned temporary upload repository.

After cloning a non-bare temporary upload repository, we [set default
index](https://github.com/go-gitea/gitea/blob/main/services/repository/files/cherry_pick.go#L37)
(`git read-tree HEAD`).
This operation ends up resetting the git index file (see investigation
details below), due to which, we need to call `git update-index
--refresh` afterward.


Here's the diff of the index file before and after we execute
SetDefaultIndex: https://www.diffchecker.com/hyOP3eJy/

Notice the **ctime**, **mtime** are set to 0 after SetDefaultIndex.

You can reproduce the same behavior using these steps:
```bash
$ git clone https://try.gitea.io/me-heer/test.git -s -b main
$ cd test
$ git read-tree HEAD
$ git read-tree -m 1f085d7ed8 1f085d7ed8 9933caed00
error: Entry '1' not uptodate. Cannot merge.
```

After which, we can fix like this:
```
$ git update-index --refresh
$ git read-tree -m 1f085d7ed8 1f085d7ed8 9933caed00
```
2024-01-16 15:06:51 +00:00
Gwyneth Morgan
2c3da59e27
Add ability to see open and closed issues at the same time (#28757)
By clicking the currently active "Open" or "Closed" filter button in the
issue list, the user can toggle that filter off in order to see all
issues regardless of state. The URL "state" parameter will be set to
"all" and the "Open"/"Closed" button will not show as active.
2024-01-15 15:07:22 +00:00
KN4CK3R
3793ec4d14
Fix GetCommitStatuses (#28787)
Fixes #28764.
2024-01-15 14:07:32 +00:00
KN4CK3R
637451a45e
Rework markup link rendering (#26745)
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary> 

https://try.gitea.io/KN4CK3R

![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-01-15 08:49:24 +00:00
Jimmy Praet
5d3fdd1212
Add branch protection setting for ignoring stale approvals (#28498)
Fixes #27114.

* In Gitea 1.12 (#9532), a "dismiss stale approvals" branch protection
setting was introduced, for ignoring stale reviews when verifying the
approval count of a pull request.
* In Gitea 1.14 (#12674), the "dismiss review" feature was added.
* This caused confusion with users (#25858), as "dismiss" now means 2
different things.
* In Gitea 1.20 (#25882), the behavior of the "dismiss stale approvals"
branch protection was modified to actually dismiss the stale review.

For some users this new behavior of dismissing the stale reviews is not
desirable.

So this PR reintroduces the old behavior as a new "ignore stale
approvals" branch protection setting.

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-15 07:20:01 +00:00
yp05327
ce0225c1b8
Forbid removing the last admin user (#28337)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-15 06:51:43 +00:00
yp05327
b820019fec
Fix when private user following user, private user will not be counted in his own view (#28037)
Doer: asdasasdasasdasasdasasdasasdasasdasasdas (private user)
Followed: TestUser (public user)

Before:
(From doer's view)

![image](https://github.com/go-gitea/gitea/assets/18380374/9ba16b3b-068c-43c5-a3dd-e3343b5b32f2)
(From followed user's view, can see doer)

![image](https://github.com/go-gitea/gitea/assets/18380374/dfd1b564-d689-4393-b3d3-1e6bf52c94ba)

After:
(From doer's view)

![image](https://github.com/go-gitea/gitea/assets/18380374/1c85c1d1-c9f7-40c8-948c-145f7cae9a04)
2024-01-15 05:43:14 +00:00
Lunny Xiao
70c4aad8e1
Move more functions to db.Find (#28419)
Following #28220

This PR move more functions to use `db.Find`.

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-15 02:19:25 +00:00
Lunny Xiao
fa8c3beb26
Speed up loading the dashboard on mysql/mariadb (#28546)
Fixes #28155
2024-01-14 15:34:25 +01:00
Lunny Xiao
97292da960
Fix schedule tasks bugs (#28691)
Fix #28157 

This PR fix the possible bugs about actions schedule.

## The Changes

- Move `UpdateRepositoryUnit` and `SetRepoDefaultBranch` from models to
service layer
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when actions unit has been disabled
or global disabled.
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when default branch changed.
2024-01-12 21:50:38 +00:00
wxiaoguang
2df7563f31
Recommend/convert to use case-sensitive collation for MySQL/MSSQL (#28662)
Mainly for MySQL/MSSQL.

It is important for Gitea to use case-sensitive database charset
collation. If the database is using a case-insensitive collation, Gitea
will show startup error/warning messages, and show the errors/warnings
on the admin panel's Self-Check page.

Make `gitea doctor convert` work for MySQL to convert the collations of
database & tables & columns.

* Fix #28131

## ⚠️ BREAKING ⚠️

It is not quite breaking, but it's highly recommended to convert the
database&table&column to a consistent and case-sensitive collation.
2024-01-10 11:03:23 +00:00
Kyle D
54acf7b0d4
Normalize oauth email username (#28561) 2024-01-03 18:48:20 -06:00
Lunny Xiao
da58bb85fa
Upgrade xorm to new version which supported update join for all supported databases (#28590)
Fix https://github.com/go-gitea/gitea/pull/28547#issuecomment-1867740842

Since https://gitea.com/xorm/xorm/pulls/2383 merged, xorm now supports
UPDATE JOIN.
To keep consistent from different databases, xorm use
`engine.Join().Update`, but the actural generated SQL are different
between different databases.

For MySQL, it's `UPDATE talbe1 JOIN table2 ON join_conditions SET xxx
Where xxx`.

For MSSQL, it's `UPDATE table1 SET xxx FROM TABLE1, TABLE2 WHERE
join_conditions`.

For SQLITE per https://www.sqlite.org/lang_update.html, sqlite support
`UPDATE table1 SET xxx FROM table2 WHERE join conditions` from
3.33.0(2020-8-14).

POSTGRES is the same as SQLITE.
2023-12-31 05:00:35 +00:00
Lunny Xiao
cb10f2767c
Fix migration test (#28659) 2023-12-30 21:54:48 +08:00
wxiaoguang
e5d8c4b8d4
Avoid cycle-redirecting user/login page (#28636)
Fix #28231, and remove some unused code. The `db.HasEngine` doesn't seem
useful because the db engine is always initialized before web route.
2023-12-30 08:48:34 +00:00
wxiaoguang
e743570f65
Refactor timeutil package (#28623)
1. make names more readable
2. remove unused FormatLong/FormatShort
3. use `FormatDate` instead of `Format "2006-01-02"`
2023-12-28 10:09:57 +00:00
wxiaoguang
f3999888c0
Refactor some legacy code and remove unused code (#28622)
1. use slices.Contains, remove Int64sContains
2. use HashEmail, remove base.EncodeMD5
3. remove BasicAuthEncode, IsLetter
2023-12-28 09:38:59 +00:00
Lunny Xiao
4c29c75968
Fix session key conflict with database keyword (#28613)
This is a regression from #28220 .
`builder.Cond` will not add `` ` `` automatically but xorm method
`Get/Find` adds `` ` ``.

This PR also adds tests to prevent the method from being implemented
incorrectly. The tests are added in `integrations` to test every
database.
2023-12-27 15:24:23 +08:00
delvh
778ad795fd
Refactor deletion (#28610)
Introduce the new generic deletion methods
- `func DeleteByID[T any](ctx context.Context, id int64) (int64, error)`
- `func DeleteByIDs[T any](ctx context.Context, ids ...int64) error`
- `func Delete[T any](ctx context.Context, opts FindOptions) (int64,
error)`

So, we no longer need any specific deletion method and can just use
the generic ones instead.

Replacement of #28450

Closes #28450

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-12-25 21:25:29 +01:00
Jean-Baptiste Gomond
d0f24ff4ca
Added instance-level variables (#28115)
This PR adds instance-level variables, and so closes #27726



![gitea_instance_variables_1](https://github.com/go-gitea/gitea/assets/8344487/ad409cd4-ce36-4c84-a764-34451b0fb63a)

![gitea_instance_variables_2](https://github.com/go-gitea/gitea/assets/8344487/426f0965-dec6-4560-948c-067cdeddd720)

![gitea_instance_variables_3](https://github.com/go-gitea/gitea/assets/8344487/cf1d7776-4938-4825-922e-cbbbf28a5f33)
2023-12-25 07:28:59 +00:00
Lunny Xiao
0407a402bb
Revert "improve possible performance bottleneck (#28547)" (#28593)
This reverts commit b35d3fddfa.

This is totally wrong. I think `Update join` hasn't been supported well
by xorm.

I just revert the PR and will try to send another one.
2023-12-25 06:52:17 +00:00
Lunny Xiao
b35d3fddfa
improve possible performance bottleneck (#28547)
Replace #28500

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-12-21 23:25:57 +01:00
6543
2c48733afe
Fix inperformant query on retrifing review from database. (#28552)
can we please PLEAS PLEASE only use raw SQL statements if it is relay
needed!!!

source is https://github.com/go-gitea/gitea/pull/28544 (before
refactoring)
2023-12-20 15:19:58 +00:00
Nanguan Lin
6a725b6f9c
Remove deadcode under models/issues (#28536)
Using the Go Official tool `golang.org/x/tools/cmd/deadcode@latest`
mentioned by [go blog](https://go.dev/blog/deadcode).
Just use `deadcode .` in the project root folder and it gives a list of
unused functions. Though it has some false alarms.
This PR removes dead code detected in `models/issues`.
2023-12-19 20:12:02 +01:00
Lunny Xiao
4eb2a29910
Improve ObjectFormat interface (#28496)
The 4 functions are duplicated, especially as interface methods. I think
we just need to keep `MustID` the only one and remove other 3.

```
MustID(b []byte) ObjectID
MustIDFromString(s string) ObjectID
NewID(b []byte) (ObjectID, error)
NewIDFromString(s string) (ObjectID, error)
```

Introduced the new interfrace method `ComputeHash` which will replace
the interface `HasherInterface`. Now we don't need to keep two
interfaces.

Reintroduced `git.NewIDFromString` and `git.MustIDFromString`. The new
function will detect the hash length to decide which objectformat of it.
If it's 40, then it's SHA1. If it's 64, then it's SHA256. This will be
right if the commitID is a full one. So the parameter should be always a
full commit id.

@AdamMajer Please review.
2023-12-19 07:20:47 +00:00
yp05327
4ea522fecf
Only check online runner when detecting matching runners in workflows (#28286)
Mentioned:
[#28277](https://github.com/go-gitea/gitea/issues/28277#issuecomment-1831325276)

We should only check online runner when detecting matching runners in
workflows,
as if runner is not online, the workflow will not run.


![image](https://github.com/go-gitea/gitea/assets/18380374/11855e9d-7241-4b7a-b8d7-49dbb94ba1c5)
2023-12-18 16:06:19 +00:00
Earl Warren
e02095c5b6
Add orphaned topic consistency check (#28507)
- If a topic has zero repository count, it means that none of the
repositories are using that topic, that would make them 'useless' to
keep. One caveat is that if that topic is going to be used in the
future, it will be added again to the database, but simply with a new
ID.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1964

Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-12-18 15:32:08 +00:00
Lunny Xiao
408a484224
Adjust object format interface (#28469)
- Remove `ObjectFormatID`
- Remove function `ObjectFormatFromID`.
- Use `Sha1ObjectFormat` directly but not a pointer because it's an
empty struct.
- Store `ObjectFormatName` in `repository` struct
2023-12-17 11:56:08 +00:00
wxiaoguang
4f04ab2586
Refactor SSH clone URL generation code (#28421)
Refactor the code and add tests, keep the old logic.
2023-12-15 06:18:12 +00:00
sebastian-sauer
e08f1a9cbd
Add combined index for issue_user.uid and issue_id (#28080)
fixes #27877

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-12-14 09:26:59 +00:00
nekrondev
52046b934d
Retry SSH key verification with additional CRLF if it failed (#28392)
Windows-based shells will add a CRLF when piping the token into
ssh-keygen command resulting in
verification error. This resolves #21527.

---------

Co-authored-by: Heiko Besemann <heiko.besemann@qbeyond.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-14 02:39:32 +00:00
Adam Majer
cbf923e87b
Abstract hash function usage (#28138)
Refactor Hash interfaces and centralize hash function. This will allow
easier introduction of different hash function later on.

This forms the "no-op" part of the SHA256 enablement patch.
2023-12-13 21:02:00 +00:00
Lunny Xiao
537fa69962
Second part of refactor db.Find (#28194)
Continue of #27798 and move more functions to `db.Find` and `db.Count`.
2023-12-11 16:56:48 +08:00
yp05327
0abb5633e3
Fix commit status in repo list (#28412)
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/00edf23a-aee1-4177-a12c-bd03ae14e65e)

![image](https://github.com/go-gitea/gitea/assets/18380374/0663e443-682c-4a68-b14e-a0fa0e4c3716)
`TestOrg/testactions` does have commit status, but won't display in
`All`

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/7231db29-9c4e-484f-afa2-87db19be19b8)

Same to #26179.
2023-12-11 06:19:57 +00:00
Lunny Xiao
aeb383025f
Also sync DB branches on push if necessary (#28361)
Fix #28056 

This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.

The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.

For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.

For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.
2023-12-09 13:30:56 +00:00
Lunny Xiao
dd30d9d5c0
Remove GetByBean method because sometimes it's danger when query condition parameter is zero and also introduce new generic methods (#28220)
The function `GetByBean` has an obvious defect that when the fields are
empty values, it will be ignored. Then users will get a wrong result
which is possibly used to make a security problem.

To avoid the possibility, this PR removed function `GetByBean` and all
references.
And some new generic functions have been introduced to be used.

The recommand usage like below.

```go
// if query an object according id
obj, err := db.GetByID[Object](ctx, id)
// query with other conditions
obj, err := db.Get[Object](ctx, builder.Eq{"a": a, "b":b})
```
2023-12-07 15:27:36 +08:00
Jason Song
beb71f5ef6
Include public repos in doer's dashboard for issue search (#28304)
It will fix #28268 .

<img width="1313" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/cb1e07d5-7a12-4691-a054-8278ba255bfc">

<img width="1318" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/4fd60820-97f1-4c2c-a233-d3671a5039e9">

## ⚠️ BREAKING ⚠️

But need to give up some features:

<img width="1312" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/281c0d51-0e7d-473f-bbed-216e2f645610">

However, such abandonment may fix #28055 .

## Backgroud

When the user switches the dashboard context to an org, it means they
want to search issues in the repos that belong to the org. However, when
they switch to themselves, it means all repos they can access because
they may have created an issue in a public repo that they don't own.

<img width="286" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/182dcd5b-1c20-4725-93af-96e8dfae5b97">

It's a confusing design. Think about this: What does "In your
repositories" mean when the user switches to an org? Repos belong to the
user or the org?

Whatever, it has been broken by #26012 and its following PRs. After the
PR, it searches for issues in repos that the dashboard context user owns
or has been explicitly granted access to, so it causes #28268.

## How to fix it

It's not really difficult to fix it. Just extend the repo scope to
search issues when the dashboard context user is the doer. Since the
user may create issues or be mentioned in any public repo, we can just
set `AllPublic` to true, which is already supported by indexers. The DB
condition will also support it in this PR.

But the real difficulty is how to count the search results grouped by
repos. It's something like "search issues with this keyword and those
filters, and return the total number and the top results. **Then, group
all of them by repo and return the counts of each group.**"

<img width="314" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/5206eb20-f8f5-49b9-b45a-1be2fcf679f4">

Before #26012, it was being done in the DB, but it caused the results to
be incomplete (see the description of #26012).

And to keep this, #26012 implement it in an inefficient way, just count
the issues by repo one by one, so it cannot work when `AllPublic` is
true because it's almost impossible to do this for all public repos.


1bfcdeef4c/modules/indexer/issues/indexer.go (L318-L338)

## Give up unnecessary features

We may can resovle `TODO: use "group by" of the indexer engines to
implement it`, I'm sure it can be done with Elasticsearch, but IIRC,
Bleve and Meilisearch don't support "group by".

And the real question is, does it worth it? Why should we need to know
the counts grouped by repos?

Let me show you my search dashboard on gitea.com.

<img width="1304" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/2bca2d46-6c71-4de1-94cb-0c9af27c62ff">

I never think the long repo list helps anything.

And if we agree to abandon it, things will be much easier. That is this
PR.

## TODO

I know it's important to filter by repos when searching issues. However,
it shouldn't be the way we have it now. It could be implemented like
this.

<img width="1316" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/99ee5f21-cbb5-4dfe-914d-cb796cb79fbe">

The indexers support it well now, but it requires some frontend work,
which I'm not good at. So, I think someone could help do that in another
PR and merge this one to fix the bug first.

Or please block this PR and help to complete it.

Finally, "Switch dashboard context" is also a design that needs
improvement. In my opinion, it can be accomplished by adding filtering
conditions instead of "switching".
2023-12-07 13:26:18 +08:00
yp05327
f4561c44b1
Fix incorrect run order of action jobs (#28367)
When we pick up a job, all waiting jobs should firstly be ordered by
update time,
otherwise when there's a running job, if I rerun an older job, the older
job will run first, as it's id is smaller.
2023-12-06 22:10:05 +00:00
Nate Levesque
f891172ef4
handle repository.size column being NULL in migration v263 (#28336)
This resolves a problem I encountered while updating gitea from 1.20.4
to 1.21. For some reason (correct or otherwise) there are some values in
`repository.size` that are NULL in my gitea database which cause this
migration to fail due to the NOT NULL constraints.

Log snippet (excuse the escape characters)
```
ESC[36mgitea                |ESC[0m 2023-12-04T03:52:28.573122395Z 2023/12/04 03:52:28 ...ations/migrations.go:641:Migrate() [I] Migration[263]: Add git_size and lfs_size columns to repository table
ESC[36mgitea                |ESC[0m 2023-12-04T03:52:28.608705544Z 2023/12/04 03:52:28 routers/common/db.go:36:InitDBEngine() [E] ORM engine initialization attempt #3/10 failed. Error: migrate: migration[263]: Add git_size and lfs_size columns to repository table failed: NOT NULL constraint failed: repository.git_size
```

I assume this should be reasonably safe since `repository.git_size` has
a default value of 0 but I don't know if that value being 0 in the odd
situation where `repository.size == NULL` has any problematic
consequences.
2023-12-05 14:31:13 +00:00
wxiaoguang
a6aed0fee6
Increase "version" when update the setting value to a same value as before (#28243)
Setting the same value should not trigger DuplicateKey error, and the
"version" should be increased
2023-11-27 17:15:40 +00:00
Lunny Xiao
882e502327
Fix comment permissions (#28213)
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
2023-11-25 17:21:21 +00:00
Lunny Xiao
df1e7d0067
Use db.Find instead of writing methods for every object (#28084)
For those simple objects, it's unnecessary to write the find and count
methods again and again.
2023-11-24 03:49:41 +00:00
Earl Warren
1075ff74b5
Use restricted sanitizer for repository description (#28141)
- Currently the repository description uses the same sanitizer as a
normal markdown document. This means that element such as heading and
images are allowed and can be abused.
- Create a minimal restricted sanitizer for the repository description,
which only allows what the postprocessor currently allows, which are
links and emojis.
- Added unit testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1202
- Resolves https://codeberg.org/Codeberg/Community/issues/1122

(cherry picked from commit 631c87cc2347f0036a75dcd21e24429bbca28207)

Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-11-23 16:34:25 +00:00
yp05327
976a9926d7
Fix no ActionTaskOutput table waring (#28149)
Reproduce:
- Create a new Gitea instance
- Register a runner
- Create a repo and add a workflow
- Check the log, you will see warnings:

![image](https://github.com/go-gitea/gitea/assets/18380374/5f1278e0-114b-48bc-8113-8ba1404d9975)
It comes from:

![image](https://github.com/go-gitea/gitea/assets/18380374/c2807831-e137-4229-9536-87f6114c8a5b)

The reason is that we forgot registering `ActionTaskOutput` model.
So `action_table_output` table will be missing in your db.
2023-11-21 08:02:51 +00:00
wxiaoguang
fce1d5d7dc
Fix system config cache expiration timing (#28072)
To avoid unnecessary database access, the `cacheTime` should always be
set if the revision has been checked.

Fix #28057
2023-11-16 12:53:42 +00:00
Lunny Xiao
f65977df3a
Revert "packages: Calculate package size quota using package creator ID instead of owner ID (#28007)" (#28049)
This reverts commit #28007 60522fc96f.
2023-11-14 16:03:56 +01:00