Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-30 22:06:11 +01:00
Commit graph

3760 commits

Author SHA1 Message Date
Giteabot 9e4be39acb
Fix the topic validation rule and suport dots (#26286) (#26303)
Backport #26286 by @wxiaoguang

1. Allow leading and trailing spaces by user input, these spaces have
already been trimmed at backend
2. Allow using dots in the topic

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit fcd055c34a)
2023-08-21 07:22:16 +02:00
Giteabot c2f2fed57a
Fix pull request check list is limited (#26179) (#26245)
Backport #26179 by @CaiCandong

In the original implementation, we can only get the first 30 records of
the commit status (the default paging size), if the commit status is
more than 30, it will lead to the bug #25990. I made the following two
changes.
- On the page, use the ` db.ListOptions{ListAll: true}` parameter
instead of `db.ListOptions{}`
- The `GetLatestCommitStatus` function makes a determination as to
whether or not a pager is being used.

fixed #25990

Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
(cherry picked from commit 060026995a)
2023-08-21 07:22:15 +02:00
JakobDev d89003cc1b Fix API leaking Usermail if not logged in (#25097)
The API should only return the real Mail of a User, if the caller is
logged in. The check do to this don't work. This PR fixes this. This not
really a security issue, but can lead to Spam.

---------

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit ea385f5d39)
2023-08-05 11:43:54 +00:00
Gusted 9b71369be9 [GITEA] Use join for the deleting issue actions query
- The action tables can become very large as it's a dumpster for every
action that an user does on an repository.
- The following query: `DELETE FROM action WHERE comment_id IN (SELECT id FROM comment WHERE
issue_id=?)` is not using indexes for `comment_id` and is instead using
an full table scan by MariaDB.
- Rewriting the query to use an JOIN will allow MariaDB to use the
index.
- More information: https://codeberg.org/Codeberg-Infrastructure/techstack-support/issues/9
- Backport https://codeberg.org/forgejo/forgejo/pulls/1154
2023-07-31 10:14:30 +00:00
Giteabot 5afb0294f4
Fix access check for org-level project (#26182) (#26223)
Backport #26182 by @Zettat123

Fix #25934

Add `ignoreGlobal` parameter to `reqUnitAccess` and only check global
disabled units when `ignoreGlobal` is true. So the org-level projects
and user-level projects won't be affected by global disabled
`repo.projects` unit.

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit 3a29712e0a)
2023-07-30 07:46:19 +02:00
Giteabot 751028549d
Prevent primary key update on migration (#26192) (#26199)
Backport #26192 by @KN4CK3R

Fixes #25918

The migration fails on MSSQL because xorm tries to update the primary
key column. xorm prevents this if the column is marked as auto
increment:

c622cdaf89/internal/statements/update.go (L38-L40)

I think it would be better if xorm would check for primary key columns
here because updating such columns is bad practice. It looks like if
that auto increment check should do the same.

fyi @lunny

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit ecfbcced46)
2023-07-30 07:46:18 +02:00
Lunny Xiao 4640c53386
Fix bug when pushing to a pull request which enabled dismiss approval automatically (#25882) (#26158)
Fix #25858
Backport #25882

The option `dissmiss stale approvals` was listed on protected branch but
never implemented. This PR fixes that.

<img width="1006" alt="图片"

src="https://github.com/go-gitea/gitea/assets/81045/60bfa968-4db7-4c24-b8be-2e5978f91bb9">

<img width="1021" alt="图片"

src="https://github.com/go-gitea/gitea/assets/81045/8dabc14d-2dfe-40c2-94ed-24fcbf6e0e8f">

(cherry picked from commit 666038a06d)
2023-07-30 07:46:18 +02:00
Giteabot 9654d71bb2
Fix bugs in LFS meta garbage collection (#26122) (#26157)
Backport #26122 by @Zettat123

This PR

- Fix #26093. Replace `time.Time` with `timeutil.TimeStamp`
- Fix #26135. Add missing `xorm:"extends"` to `CountLFSMetaObject` for
LFS meta object query
- Add a unit test for LFS meta object garbage collection

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit a12d036a68)
2023-07-30 07:43:05 +02:00
Giteabot df5200e814
Remove "misc" scope check from public API endpoints (#26134) (#26149)
Backport #26134 by @wxiaoguang

Fix #26035

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit a8445e9320)
2023-07-26 13:51:46 +02:00
Lunny Xiao 7099ef15b6
Update xorm version (#26128) (#26150)
backport #26128 to fix some serious bug.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit bc73e6a85c)
2023-07-26 13:50:10 +02:00
Giteabot e2101ae572
Fix wrong workflow status when rerun a job in an already finished workflow (#26119) (#26124)
Backport #26119 by @yp05327

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/fb687592-b117-4cd5-b076-2ca5ca847ea4)
After:

![image](https://github.com/go-gitea/gitea/assets/18380374/c9b0683e-e81d-410b-8c35-fbe54327fab4)

After workflow finished, if you rerun a single job, the workflow status
will become to `Running` which is not correct as no jobs are running in
this workflow.

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 08cdc0da3d)
2023-07-26 13:49:15 +02:00
Earl Warren b65d458c3a
Merge remote-tracking branch 'forgejo/v1.20/forgejo-dependency' into v1.20/forgejo 2023-07-17 08:01:29 +02:00
Earl Warren 1371196064
Merge remote-tracking branch 'forgejo/v1.20/forgejo-moderation' into v1.20/forgejo 2023-07-17 08:01:23 +02:00
Earl Warren 8924d15dec
[GITEA] silently ignore obsolete sudo scope
Fixes: https://codeberg.org/forgejo/forgejo/issues/820
(cherry picked from commit 6a7022ebbb)
(cherry picked from commit 764eac47b5)
(cherry picked from commit 14480339f0)
(cherry picked from commit fb930bd719)
(cherry picked from commit 97d1166aba)
(cherry picked from commit 97b2abc767)
(cherry picked from commit 3854c9112f)
2023-07-17 00:27:19 +02:00
Gusted 73776d6195
[MODERATION] add user blocking API
- Follow up for: #540, #802
- Add API routes for user blocking from user and organization
perspective.
- The new routes have integration testing.
- The new model functions have unit tests.
- Actually quite boring to write and to read this pull request.

(cherry picked from commit f3afaf15c7)
(cherry picked from commit 6d754db3e5)
(cherry picked from commit d0fc8bc9d3)
(cherry picked from commit 9a53b0d1a0)
(cherry picked from commit 44a2a4fd48)
(cherry picked from commit 182025db9c)
(cherry picked from commit 558a35963e)
2023-07-17 00:26:42 +02:00
Gusted cdf6318f51
[MODERATION] organization blocking a user (#802)
- Resolves #476
- Follow up for: #540
- Ensure that the doer and blocked person cannot follow each other.
- Ensure that the block person cannot watch doer's repositories.
- Add unblock button to the blocked user list.
- Add blocked since information to the blocked user list.
- Add extra testing to moderation code.
- Blocked user will unwatch doer's owned repository upon blocking.
- Add flash messages to let the user know the block/unblock action was successful.
- Add "You haven't blocked any users" message.
- Add organization blocking a user.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/802
(cherry picked from commit 0505a10421)
(cherry picked from commit 37b4e6ef9b)
(cherry picked from commit 217475385a)
(cherry picked from commit f2c38ce5c2)
(cherry picked from commit 1edfb68137)
(cherry picked from commit 2cbc12dc74)
(cherry picked from commit 79ff020f18)
2023-07-17 00:26:42 +02:00
Gusted dc9499bdf9
[MODERATION] user blocking
- Add the ability to block a user via their profile page.
- This will unstar their repositories and visa versa.
- Blocked users cannot create issues or pull requests on your the doer's repositories (mind that this is not the case for organizations).
- Blocked users cannot comment on the doer's opened issues or pull requests.
- Blocked users cannot add reactions to doer's comments.
- Blocked users cannot cause a notification trough mentioning the doer.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/540
(cherry picked from commit 687d852480)
(cherry picked from commit 0c32a4fde5)
(cherry picked from commit 1791130e3c)
(cherry picked from commit 00f411819f)
(cherry picked from commit e0c039b0e8)
(cherry picked from commit b5a058ef00)
(cherry picked from commit 5ff5460d28)
(cherry picked from commit 97bc6e619d)
2023-07-17 00:26:42 +02:00
Gusted f2ecd46d96
[BRANDING] Use forgejo binary name
- Use `forgejo` binary name for migration suggestions.
- Resolves https://codeberg.org/forgejo/forgejo/issues/869#issuecomment-944501

(cherry picked from commit 418a0bed8f)
(cherry picked from commit 734579ce9b)
(cherry picked from commit 8b7cf605f2)
(cherry picked from commit c59e1a4e61)
(cherry picked from commit e3877892e1)
(cherry picked from commit d7249a4b84)
2023-07-17 00:25:56 +02:00
Loïc Dachary 133b7dcd7f
[BRANDING] reserve forgejo-actions username
(cherry picked from commit 2a25be788b)
(cherry picked from commit b270d5815c)
(cherry picked from commit e7382cc71e)
(cherry picked from commit 665400ea1e)
(cherry picked from commit f5b2c691f1)
(cherry picked from commit 3df97adfef)
(cherry picked from commit 494f6eafc1)
(cherry picked from commit 822e3d2c83)
(cherry picked from commit 7460f12568)
(cherry picked from commit f6cd70881e)
(cherry picked from commit c669ce8173)
(cherry picked from commit 1d5a433e02)
(cherry picked from commit c1a4dc150c)
(cherry picked from commit dd1c971c6c)
(cherry picked from commit 8d2dcd9b1e)
(cherry picked from commit b6bb8fd275)
(cherry picked from commit d4b71fe96e)
(cherry picked from commit c9a905f588)
(cherry picked from commit c9930563b2)
(cherry picked from commit 8e8fbf4950)
(cherry picked from commit d3b8e54778)
(cherry picked from commit ee63800789)
2023-07-17 00:25:56 +02:00
Gusted 82e4ff7e88
[DB] Forgejo database migrations
- Implements https://codeberg.org/forgejo/discussions/issues/32#issuecomment-918737
- Allows to add Forgejo-specific migrations that don't interfere with Gitea's migration logic. Please do note that we cannot liberally add migrations for Gitea tables, as they might do their own migrations in a future version on that table, and that could undo our migrations. Luckily,  we don't have a scenario where that's needed and thus not taken into account.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/795
(cherry picked from commit 8ee32978c0)
(cherry picked from commit c240b34f59)
(cherry picked from commit 03936c6492)
(cherry picked from commit 8bd051e6df)
(cherry picked from commit 2c55a40c79)
(cherry picked from commit 260d938e92)
(cherry picked from commit cf7c08031f)
(cherry picked from commit 59c1547517)
2023-07-16 23:44:22 +02:00
Earl Warren d6efefbb63
[CLI] implement forgejo-cli actions register
(cherry picked from commit 2f95143000)
(cherry picked from commit cf77f1e6d9)
(cherry picked from commit 0983b62ca0)
2023-07-16 23:21:45 +02:00
Giteabot c334be8284
Fix empty project displayed in issue sidebar (#25802) (#25854)
Backport #25802 by @yp05327

You can confirm this issue in
https://try.gitea.io/yp05327/testrepo/issues/2

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/1ab476dc-2f9b-4c85-9e87-105fc73af1ee)
After:

![image](https://github.com/go-gitea/gitea/assets/18380374/786f984d-5c27-4eff-b3d9-159f68034ce4)

This issue comes from the change in #25468.
`LoadProject` will always return at least one record, so we use
`ProjectID` to check whether an issue is linked to a project in the old
code.
As other `issue.LoadXXX` functions, we need to check the return value
from `xorm.Session.Get`.

In recent unit tests, we only test `issueList.LoadAttributes()` but
don't test `issue.LoadAttributes()`. So I added a new test for
`issue.LoadAttributes()` in this PR.

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Denys Konovalov <privat@denyskon.de>
2023-07-12 19:07:03 +02:00
Giteabot 052e65e63f
Fix incorrect oldest sort in project list (#25806) (#25835)
Backport #25806 by @yp05327

sort type `oldest` should be `Asc`.
Added a test for this.

I see we have `SearchOrderBy` in db model, but we are using many
different ways to define the sort type.
~Maybe we can improve this later.~
↑ Improved in this PR

Co-authored-by: yp05327 <576951401@qq.com>
2023-07-12 13:22:17 +08:00
Giteabot 2b79d3fd52
For API attachments, use API URL (#25639) (#25814)
Backport #25639 by @lunny

Fix #25257

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-10 12:56:16 +00:00
Giteabot a1bc2aa05e
Avoid amending the Rebase and Fast-forward merge if there is no message template (#25779) (#25809)
Backport #25779 by @wxiaoguang

Related #22669. Close #25177

After the fix:


![image](https://github.com/go-gitea/gitea/assets/2114189/0e900927-ea72-4f8f-bde6-5ed927cb02f4)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-10 10:23:54 +00:00
Giteabot 372b622c2b
Revert package access change from #23879 (#25707) (#25785)
Backport #25707 by @KN4CK3R

Fixes (?) #25538
Fixes https://codeberg.org/forgejo/forgejo/issues/972

Regression #23879

#23879 introduced a change which prevents read access to packages if a
user is not a member of an organization.

That PR also contained a change which disallows package access if the
team unit is configured with "no access" for packages. I don't think
this change makes sense (at the moment). It may be relevant for private
orgs. But for public or limited orgs that's useless because an
unauthorized user would have more access rights than the team member.
This PR restores the old behaviour "If a user has read access for an
owner, they can read packages".

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-07-09 21:00:42 +00:00
Giteabot 06bcdfe77a
Remove unused code (#25734) (#25788)
Backport #25734 by @KN4CK3R

The method is only used in the test. Found it because I changed the
fixtures and had a hard time fixing this test. My revenge is deleting
it.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-07-09 19:47:58 +00:00
Giteabot ea2c9de3c4
Test if container blob is accessible before mounting (#22759) (#25784)
Backport #22759 by @KN4CK3R

related #16865

This PR adds an accessibility check before mounting container blobs.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
2023-07-09 12:00:04 +00:00
silverwind 24e64fe372
Replace interface{} with any (#25686) (#25687)
Same perl replacement as https://github.com/go-gitea/gitea/pull/25686
but for 1.20 to ease future backporting.
2023-07-04 23:41:32 -04:00
Giteabot 0af6542a34
Add unit test for repository collaboration (#25640) (#25658)
Backport #25640 by @earl-warren

- Add a few extra test cases and test functions for the collaboration
model to get everything covered by tests (except for error handling, as
we cannot suddenly mock errors from the database).

```
-> % go tool cover -func=coverage.out | grep "code.gitea.io/gitea/models/repo/collaboration.go"
```

Before:
```
code.gitea.io/gitea/models/repo/collaboration.go:28:                            init                                            100.0%
code.gitea.io/gitea/models/repo/collaboration.go:39:                            GetCollaborators                                61.5%
code.gitea.io/gitea/models/repo/collaboration.go:65:                            CountCollaborators                              0.0%
code.gitea.io/gitea/models/repo/collaboration.go:70:                            GetCollaboration                                0.0%
code.gitea.io/gitea/models/repo/collaboration.go:83:                            IsCollaborator                                  100.0%
code.gitea.io/gitea/models/repo/collaboration.go:87:                            getCollaborations                               42.9%
code.gitea.io/gitea/models/repo/collaboration.go:102:                           ChangeCollaborationAccessMode                   77.8%
code.gitea.io/gitea/models/repo/collaboration.go:141:                           IsOwnerMemberCollaborator                       0.0%
```

After:
```
code.gitea.io/gitea/models/repo/collaboration.go:28:                            init                                            100.0%
code.gitea.io/gitea/models/repo/collaboration.go:39:                            GetCollaborators                                61.5%
code.gitea.io/gitea/models/repo/collaboration.go:65:                            CountCollaborators                              100.0%
code.gitea.io/gitea/models/repo/collaboration.go:70:                            GetCollaboration                                100.0%
code.gitea.io/gitea/models/repo/collaboration.go:83:                            IsCollaborator                                  100.0%
code.gitea.io/gitea/models/repo/collaboration.go:87:                            getCollaborations                               100.0%
code.gitea.io/gitea/models/repo/collaboration.go:102:                           ChangeCollaborationAccessMode                   83.3%
code.gitea.io/gitea/models/repo/collaboration.go:141:                           IsOwnerMemberCollaborator                       87.5%
```

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/825

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: silverwind <me@silverwind.io>
2023-07-04 06:29:43 +00:00
Lunny Xiao 13ffa287b1
Fix bug of branches API with tests(#25578) (#25579)
Backport #25578 

This PR added a repository's check when creating/deleting branches via
API. Mirror repository and archive repository cannot do that.
2023-07-03 16:17:30 +02:00
Giteabot 64ed262e18
Fix bug when change user name (#25637) (#25646)
Backport #25637 by @lunny

Fix #25621

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-03 14:23:35 +03:00
Giteabot 8981f6d0fc
Fix content holes in Actions task logs file (#25560) (#25566)
Backport #25560 by @wolfogre

Fix #25451.

Bugfixes:
- When stopping the zombie or endless tasks, set `LogInStorage` to true
after transferring the file to storage. It was missing, it could write
to a nonexistent file in DBFS because `LogInStorage` was false.
- Always update `ActionTask.Updated` when there's a new state reported
by the runner, even if there's no change. This is to avoid the task
being judged as a zombie task.

Enhancement:
- Support `Stat()` for DBFS file.
- `WriteLogs` refuses to write if it could result in content holes.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-06-28 23:39:23 +00:00
Giteabot 9bbb4d8d6d
Improve loadprojects for issue list (#25468) (#25493) 2023-06-26 02:06:58 +00:00
Giteabot 2cd9d6b3f9
Fix wrong warn messages in migration steps (#25475) (#25487) 2023-06-24 17:51:26 +08:00
Giteabot 2e64449de7
Make "dismiss" content shown correctly (#25461) (#25465)
Backport #25461 by @wxiaoguang

Close #25127


![image](https://github.com/go-gitea/gitea/assets/2114189/7d6be811-8e4a-4982-a5e4-857d171758d4)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-23 11:04:15 +00:00
wxiaoguang 061b68e995
Refactor path & config system (#25330) (#25416)
Backport #25330

# The problem

There were many "path tricks":

* By default, Gitea uses its program directory as its work path
* Gitea tries to use the "work path" to guess its "custom path" and
"custom conf (app.ini)"
* Users might want to use other directories as work path
* The non-default work path should be passed to Gitea by GITEA_WORK_DIR
or "--work-path"
* But some Gitea processes are started without these values
    * The "serv" process started by OpenSSH server
    * The CLI sub-commands started by site admin
* The paths are guessed by SetCustomPathAndConf again and again
* The default values of "work path / custom path / custom conf" can be
changed when compiling

# The solution

* Use `InitWorkPathAndCommonConfig` to handle these path tricks, and use
test code to cover its behaviors.
* When Gitea's web server runs, write the WORK_PATH to "app.ini", this
value must be the most correct one, because if this value is not right,
users would find that the web UI doesn't work and then they should be
able to fix it.
* Then all other sub-commands can use the WORK_PATH in app.ini to
initialize their paths.
* By the way, when Gitea starts for git protocol, it shouldn't output
any log, otherwise the git protocol gets broken and client blocks
forever.

The "work path" priority is: WORK_PATH in app.ini > cmd arg --work-path
> env var GITEA_WORK_DIR > builtin default

The "app.ini" searching order is: cmd arg --config > cmd arg "work path
/ custom path" > env var "work path / custom path" > builtin default


## ⚠️ BREAKING

If your instance's "work path / custom path / custom conf" doesn't meet
the requirements (eg: work path must be absolute), Gitea will report a
fatal error and exit. You need to set these values according to the
error log.
2023-06-22 16:27:18 +00:00
sebastian-sauer 30a783879f
Show outdated comments in files changed tab (#24936) (#25428)
Backport #24936

If enabled show a clickable label in the comment. A click on the label
opens the Conversation tab with the comment focussed - there you're able
to view the old diff (or original diff the comment was created on).

**Screenshots**


![image](https://github.com/go-gitea/gitea/assets/1135157/63ab9571-a9ee-4900-9f02-94ab0095f9e7)


![image](https://github.com/go-gitea/gitea/assets/1135157/78f7c225-8d76-46f5-acfd-9b8aab988a6c)

When resolved and outdated:


![image](https://github.com/go-gitea/gitea/assets/1135157/6ece9ebd-c792-4aa5-9c35-628694e9d093)

Option to enable/disable this (stored in user settings - default is
disabled):


![image](https://github.com/go-gitea/gitea/assets/1135157/ed99dfe4-76dc-4c12-bd96-e7e62da50ab5)


![image](https://github.com/go-gitea/gitea/assets/1135157/e837a052-e92e-4a28-906d-9db5bacf93a6)

fixes #24913

Co-authored-by: silverwind <me@silverwind.io>
2023-06-22 08:34:42 +00:00
Giteabot 031ddfcb7b
Fix index generation parallelly failure (#25235) (#25269)
Backport #25235 by @lunny

Fix #22109

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-15 02:14:00 +00:00
Giteabot 21cd5c2f3d
Fix all possible setting error related storages and added some tests (#23911) (#25244)
Backport #23911 by @lunny

Follow up #22405

Fix #20703 

This PR rewrites storage configuration read sequences with some breaks
and tests. It becomes more strict than before and also fixed some
inherit problems.

- Move storage's MinioConfig struct into setting, so after the
configuration loading, the values will be stored into the struct but not
still on some section.
- All storages configurations should be stored on one section,
configuration items cannot be overrided by multiple sections. The
prioioty of configuration is `[attachment]` > `[storage.attachments]` |
`[storage.customized]` > `[storage]` > `default`
- For extra override configuration items, currently are `SERVE_DIRECT`,
`MINIO_BASE_PATH`, `MINIO_BUCKET`, which could be configured in another
section. The prioioty of the override configuration is `[attachment]` >
`[storage.attachments]` > `default`.
- Add more tests for storages configurations.
- Update the storage documentations.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-14 08:36:52 +02:00
Giteabot f64f5495af
Hide limited users if viewed by anonymous ghost (#25214) (#25220)
Backport #25214 by @KN4CK3R

The ghost user leads to inclusion of limited users/orgs in
`BuildCanSeeUserCondition`.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-06-13 13:53:26 +08:00
Wim 62ac3251fa
Remove stars when repo goes private (#19904)
Fixes #18600
2023-06-05 13:25:43 +00:00
Lunny Xiao 315124b469
Fix parallelly generating index failure with Mysql (#24567) 2023-06-05 10:33:47 +00:00
Lunny Xiao 11598885b3
Use RepositoryList instead of []*Repository (#25074) 2023-06-05 15:25:47 +08:00
Denys Konovalov ca35dec18b
Add ability to set multiple redirect URIs in OAuth application UI (#25072)
OAuth applications can already have multiple redirect URIs if
created/edited over API.

This change allows for setting multiple redirect URIs through the UI as
a comma-separated list (e. g.
`https://example.org/redirect,https://redirect.example.org`)

<details>
<summary>Screenshots</summary>

![Bildschirmfoto vom 2023-06-04
17-14-40](https://github.com/go-gitea/gitea/assets/47871822/2206dc32-e7e4-4953-9ecb-e098890b3f54)
![Bildschirmfoto vom 2023-06-04
17-14-50](https://github.com/go-gitea/gitea/assets/47871822/cd97c73c-9310-44ee-a83a-b927a1ef94da)

</details>

Closes #25068
2023-06-05 15:00:12 +08:00
Jack Hay 18de83b2a3
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
    - `activitypub`
    - `admin` (hidden if user is not a site admin)
    - `misc`
    - `notification`
    - `organization`
    - `package`
    - `issue`
    - `repository`
    - `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
  -  `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
  - `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection

### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">

## tokenRequiresScopes  Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error

## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
   -  _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
   - _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
   - _This should be addressed in this PR_
   - For example: 
   ```go
	m.Group("/users/{username}/orgs", func() {
		m.Get("", reqToken(), org.ListUserOrgs)
		m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
   ```

## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default

Closes #24501
Closes #24799

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 20:57:16 +02:00
wxiaoguang 520eb57d76
Use a separate admin page to show global stats, remove actions stat (#25062)
Before, Gitea shows the database table stats on the `admin dashboard`
page.

It has some problems:

* `count(*)` is quite heavy. If tables have many records, this blocks
loading the admin page blocks for a long time
* Some users had even reported issues that they can't visit their admin
page because this page causes blocking or `50x error (reverse proxy
timeout)`
* The `actions` stat is not useful. The table is simply too large. Does
it really matter if it contains 1,000,000 rows or 9,999,999 rows?
* The translation `admin.dashboard.statistic_info` is difficult to
maintain.

So, this PR uses a separate page to show the stats and removes the
`actions` stat.


![image](https://github.com/go-gitea/gitea/assets/2114189/babf7c61-b93b-4a62-bfaa-22983636427e)

## ⚠️ BREAKING

The `actions` Prometheus metrics collector has been removed for the
reasons mentioned beforehand.
Please do not rely on its output anymore.
2023-06-03 22:03:41 +08:00
HesterG 28a89e360f
Add user level action runners (#24995)
Used similar logic to organization.

<img width="1437" alt="Screen Shot 2023-05-30 at 10 18 06"
src="https://github.com/go-gitea/gitea/assets/17645053/49f3800a-44ae-4188-b1e6-91d49e3d7868">

<img width="1331" alt="Screen Shot 2023-05-30 at 10 31 18"
src="https://github.com/go-gitea/gitea/assets/17645053/221b2068-e9b9-4e34-bb4a-d390594b2f35">
2023-05-31 09:39:54 +08:00
JakobDev 1b115296d3
Followup to pinned Issues (#24945)
This addressees some things from #24406 that came up after the PR was
merged. Mostly from @delvh.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
2023-05-30 15:26:51 +00:00
wxiaoguang ad13df36b7
Test query must have "order by" explicitly to avoid unstable results (#24963)
The query must have the "ORDER BY", otherwise the result is not
deterministic.

Replace "interface{}" with "any" by the way.
2023-05-29 03:20:57 +00:00