Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-12-03 23:36:09 +01:00
Commit graph

142 commits

Author SHA1 Message Date
6543 7c24ae37b8
without "reqToken()" api works ...
* should be still secure beause ctx.user has to be there or nothing will hapen
2019-10-29 16:27:44 +01:00
6543 deaf69c801
subscribers return []user.APIFormat 2019-10-29 15:19:13 +01:00
6543 06daf4e863
add issue subscriber API 2019-10-29 11:17:45 +01:00
Lunny Xiao 0a80164bec Revert "API should follow RequireSignInView (#8654)" (#8675)
This reverts commit 3c63c3ace4.
2019-10-24 22:10:48 +01:00
Lunny Xiao 3c63c3ace4
API should follow RequireSignInView (#8654) 2019-10-24 13:32:40 +08:00
zeripath fcb535c5c3
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631)
This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.

## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
    - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
    - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
    - [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
    - app.ini configuration done
    - [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation

I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
2019-10-16 14:42:42 +01:00
David Svantesson 36bcd4cd6b API endpoint for searching teams. (#8108)
* Api endpoint for searching teams.

Signed-off-by: dasv <david.svantesson@qrtech.se>

* Move API to /orgs/:org/teams/search

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Regenerate swagger

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Fix search is Get

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add test for search team API.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Update routers/api/v1/org/team.go

grammar

Co-Authored-By: Richard Mahn <richmahn@users.noreply.github.com>

* Fix review comments

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Fix some issues in repo collaboration team search, after changes in this PR.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Remove teamUser which is not used and replace with actual user id.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Remove unused search variable UserIsAdmin.

* Add paging to team search.

* Re-genereate swagger

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Fix review comments

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* fix

* Regenerate swagger
2019-10-01 13:32:28 +08:00
David Svantesson 1f951cdeba Add API endpoint for accessing repo topics (#7963)
* Create API endpoints for repo topics.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Generate swagger

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add documentation to functions

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Grammar fix

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Fix function comment

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Can't use FindTopics when looking for a single repo topic, as it doesnt use exact match

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add PUT ​/repos​/{owner}​/{repo}​/topics and remove GET ​/repos​/{owner}​/{repo}​/topics

* Ignore if topic is sent twice in same request, refactoring.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Fix topic dropdown with api changes.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Style fix

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Update API documentation

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Better way to handle duplicate topics in slice

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Make response element TopicName an array of strings, instead of using an array of TopicName

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add test cases for API Repo Topics.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Fix format of tests

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Fix comments

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Fix unit tests after adding some more topics to the test fixture.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Update models/topic.go

Limit multiple if else if ...

Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>

* Engine as first parameter in function

Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>

* Replace magic numbers with http status code constants.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Fix variable scope

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Test one read with login and one with token

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add some more tests

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Apply suggestions from code review

Use empty struct for efficiency

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Add test case to check access for user with write access

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Fix access, repo admin required to change topics

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Correct first test to be without token

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Any repo reader should be able to access topics.

* No need for string pointer

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
2019-09-03 23:46:24 +08:00
Mike Schwörer 042089fbaf API method to list all commits of a repository (#6408)
* Added API endpoint ListAllCommits (/repos/{owner}/{repo}/git/commits)

Signed-off-by: Mike Schwörer <mailport@mikescher.de>

* Fixed failing drone build

Signed-off-by: Mike Schwörer <mailport@mikescher.de>

* Implemented requested changes (PR reviews)

Signed-off-by: Mike Schwörer <mailport@mikescher.de>

* gofmt

Signed-off-by: Mike Schwörer <mailport@mikescher.de>

* Changed api route from "/repos/{owner}/{repo}/git/commits" to "/repos/{owner}/{repo}/commits"

* Removed unnecessary line

* better error message when git repo is empty

* make generate-swagger

* fixed removed return

* Update routers/api/v1/repo/commits.go

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Update routers/api/v1/repo/commits.go

Co-Authored-By: Lauris BH <lauris@nix.lv>

* go fmt

* Refactored common code into ToCommit()

* made toCommit not exported

* added check for userCache == nil
2019-08-26 16:09:10 +02:00
Tamal Saha 6b3f52fe5f Run CORS handler first for /api routes (#7967)
Signed-off-by: Tamal Saha <tamal@appscode.com>
2019-08-26 13:33:06 +02:00
Tamal Saha 171b359877 Use gitea forked macaron (#7933)
Signed-off-by: Tamal Saha <tamal@appscode.com>
2019-08-23 12:40:29 -04:00
zeripath 635e7b38bd
Swagger: Add information to API Token header (#7585)
* Add a description to the API Token header for swagger
2019-07-24 09:34:11 +01:00
Lunny Xiao b5aa7f7ceb fix api route (#7346) 2019-07-03 06:31:29 +01:00
Richard Mahn cd96dee982 Fixes #7292 - API File Contents bug (#7301) 2019-06-29 16:51:10 -04:00
Richard Mahn 8de0b0a3f0 Fixes #2738 - Adds the /git/tags API endpoint (#7138)
* Fixes #2738 - /git/tags API

* proper URLs

* Adds function comments

* Updates swagger

* Removes newline from tag message

* Removes trailing newline from commit message

* Adds integration test

* Removed debugging

* Adds tests

* Fixes bug where multiple tags of same commit show wrong tag name

* Fix formatting

* Removes unused varaible

* Fix to annotated tag function names and response

* Update modules/git/repo_tag.go

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Uses TagPrefix

* Changes per review, better error handling for getting tag and commit IDs

* Fix to getting commit ID

* Fix to getting commit ID

* Fix to getting commit ID

* Fix to getting commit ID
2019-06-08 17:31:11 +03:00
Richard Mahn 1831b3b571 Fixes #5960 - Adds API Endpoint for Repo Edit (#7006)
* Feature - #5960 - API Endpoint for Repo Editing

* Revert from merge

* Adds integration testing

* Updates to integration tests

* Revert changes

* Update year in file header

* Misspell fix

* XORM = test

* XORM = test

* revert XORM = file

* Makes RepoUnit.ID be pk and autoincr

* Fix to units

* revert header

* Remove print statement

* Adds other responses

* Improves swagger for creating repo

* Fixes import order

* Better Unit Type does not exist error

* Adds editable repo properties to the response repo structure

* Fix to api_repo_edit_test.go

* Fixes repo test

* Changes per review

* Fixes typo and standardizes comments in the EditRepoOption struct for swagger

* Fixes typo and standardizes comments in the EditRepoOption struct for swagger

* Actually can unarchive through the API

* Unlike delete, user doesn't have to be the owner of the org, just admin to the repo

* Fix to swagger comments for field name change

* Update to swagger docs

* Update swagger

* Changes allow_pull_requests to has_pull_requests
2019-05-30 11:09:05 -04:00
Tamal Saha 34d06f4c6b Handle CORS requests (#6289) 2019-05-13 11:38:53 -04:00
Lunny Xiao 34eee25bd4
Move sdk structs to modules/structs (#6905)
* move sdk structs to moduels/structs

* fix tests

* fix fmt

* fix swagger

* fix vendor
2019-05-11 18:21:34 +08:00
Lunny Xiao 199faadea3 Fix org visibility bug when git cloning (#6743)
* fix org visibility bug

* fix permission check

* add integration tests

* fix tests

* change test user name for easier maintainance and fix test

* fix test git repo name
2019-04-25 21:59:10 +03:00
Lunny Xiao 59be704efb Fix team members API (#6714) 2019-04-24 01:32:35 -04:00
zeripath be666b03ee Trace Logging on Permission Denied & ColorFormat (#6618)
* Add log.ColorFormat and log.ColorFormatted

Structs can now implement log.ColorFormatted to provide their own
colored format when logged with `%-v` or additional flags.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add basic ColorFormat to repository and user

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add basic ColorFormat to access and unit

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add ColorFormat to permission and on trace log it

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add log.NewColoredIDValue to make ID value coloring consistent

Signed-off-by: Andrew Thornton <art27@cantab.net>

* formatting changes

* Add some better tracing to permission denied for read issues/pulls

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add Trace logging on permission denied

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove isTrace() check from deferred func

* Adjust repo and allow logging of team

* use FormatInt instead of Itoa

* Add blank line

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update access.go
2019-04-22 23:40:51 +03:00
techknowlogick 19ec2606e9 API OTP Context (#6674)
* API OTP Context

* Update api.go

* token

* token

* fix per discord

* copyright header

* remove check for token in OTP

* Update auth.go

* simplify

* Update api.go
2019-04-19 11:59:26 +03:00
Richard Mahn 2262811e40 Fixes 4762 - Content API for Creating, Updating, Deleting Files (#6314) 2019-04-17 12:06:35 -04:00
Segev Finer 34548369e1 Add API for manipulating Git hooks (#6436)
* Add API for manipulating Git hooks

Signed-off-by: Segev Finer <segev@codeocean.com>

* Replace code.gitea.io/sdk with PR branch temporarily for CI

* Switch back to code.gitea.io/sdk@master

* Return 403 instead of 404 on no permission to edit hooks in API

* Add tests for Git hooks API

* Update models/repo_list_test.go

Co-Authored-By: segevfiner <segev208@gmail.com>

* Update models/repo_list_test.go

Co-Authored-By: segevfiner <segev208@gmail.com>

* empty line
2019-04-17 01:31:08 -04:00
mrsdizzie 3ff0a126e1 Improve issue autolinks (#6273)
* Improve issue autolinks

Update autolinks to match what github does here:

Issue in same repo: #1
Issue in different repo: org/repo#1

Fixes #6264

* Use setting.AppURL when parsing URL

Using setting.AppURL here is a more reliable way of parsing the current
URL and what other functions in this file seem to use.

* Make ComposeMetas always return a valid context

* Add per repository markdown renderers for better context

* Update for use of context metas

Now that we include the user and repo name inside context metas, update
various code and tests for this new logic
2019-04-12 08:53:34 +03:00
Vasek Sraier 49b2f45f75 Cleaned permission checks for API -> site admin can now do anything (#6483)
* cleaned permission checks for API -> site admin can now do anything

Signed-off-by: Vasek Sraier <git@vakabus.cz>

* PR #6483: helper methods moved to context/context.go, added missing return

Signed-off-by: Vasek Sraier <git@vakabus.cz>

* PR #6483: added documentation to new exported helper functions in context/context.go

Signed-off-by: Vasek Sraier <git@vakabus.cz>
2019-04-08 01:49:34 +03:00
John Olheiser cac9e6e760 Updates to API 404 responses (#6077) 2019-03-18 22:29:43 -04:00
Lunny Xiao 01bbf5ea69 Add API to list tags (#5850)
* Add API to list tags

* update dependency gitea sdk vendor

* fix swagger generation

* fix swagger

* add tests

* update code.gitea.io/git vendor
2019-02-07 12:00:52 +00:00
Lanre Adelowo 9dfdf80af0 Expose issue stopwatch toggling via API (#5970) 2019-02-06 21:57:25 -05:00
Lunny Xiao ecefa9e724 Add single commit API support (#5843)
* add single commit API support
2019-02-02 22:35:17 -05:00
Lanre Adelowo 57a69ef277 don't allow pull requests to be created on an archived repository (#5883)
* don't allow pull requests to be created on an archived repository
Also disable the "PR" button if the repo is archived

* Refuse creating an issue/PR via API calls too
2019-01-30 12:20:40 -05:00
zeripath bf47f70c3b
API: Fix null pointer in attempt to Sudo if not logged in (#5872)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-28 14:13:59 +00:00
Shashvat Kedia 1b90692844 New API routes added (#5594)
* New API routes added

* Comments added

* Build fix

* swagger_v1_json.tmpl without new line character

* Typo fix

* Code review changes

* Code review changes

* Add copyright

* Add copyright

* Add copyright

* Update per @lafriks feedback

* Update org.go

* Update user.go

* Update user.go

* make fmt
2019-01-23 17:30:19 -05:00
Harshit Bansal 5ac6da3c41 api: Add missing GET teams endpoints (#5382)
* api: Add an endpoint to list a particular member of team.

* models: Rename `GetUserTeams()` to `GetUserOrgTeams()` in `org_team` model.

`GetUserTeams()` sounds a bit misnomer since it actually returns
the teams that user belongs to in a given organization rather than
all the teams across all the organization that the user has joined.

* models: Add `GetUserTeams()`.

Returns all the teams that a user belongs to.

* api: Add an endpoint for GET '/user/teams'.

A GET request to this endpoint lists all the teams that a user
belongs to.
2019-01-16 19:39:50 -05:00
Shashvat Kedia 6e20b504b1 Delete organization endpoint added (#5601)
* Delete organization endpoint added

* Parameters added in comment

* Typo fix

* Newline character removed
2018-12-27 16:36:58 +01:00
Kasi Reddy d5d847e5c4 Git-Trees API (#5403)
* Git-Trees API

* update vendor'd libs

* added comments to exported function and formatted.

* make fmt

* update per @lafirks feedback
2018-11-28 16:17:09 -05:00
Lunny Xiao eabbddcd98
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems

* fix some bugs and merge LoadUnits to repoAssignment

* refactor permission struct and add some copyright heads

* remove unused codes

* fix routes units check

* improve permission check

* add unit tests for permission

* fix typo

* fix tests

* fix some routes

* fix api permission check

* improve permission check

* fix some permission check

* fix tests

* fix tests

* improve some permission check

* fix some permission check

* refactor AccessLevel

* fix bug

* fix tests

* fix tests

* fix tests

* fix AccessLevel

* rename CanAccess

* fix tests

* fix comment

* fix bug

* add missing unit for test repos

* fix bug

* rename some functions

* fix routes check
2018-11-28 19:26:14 +08:00
Lauris BH 08bf443016 Implement git refs API for listing references (branches, tags and other) (#5354)
* Inital routes to git refs api

* Git refs API implementation

* Update swagger

* Fix copyright

* Make swagger happy add basic test

* Fix test

* Fix test again :)
2018-11-27 16:52:20 -05:00
Lunny Xiao 8ef177f8c5 add api for user to create org (#5268)
* add api for user to create org

* remove unused blank line on the swagger file end

* fix create and add test

* fix tests

* fix routes of create org API

* fix bug

* add copyright heads
2018-11-20 12:31:30 -05:00
zeripath 7096085f2b Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250)
* Add CSRF checking to reqToken and place CSRF in the post for deadline creation

Fixes #5226, #5249

* /api/v1/admin/users routes should have reqToken middleware
2018-11-03 21:15:55 -04:00
kolaente 6759237eda User action heatmap (#5131)
* Added basic heatmap data

* Added extra case for sqlite

* Built basic heatmap into user profile

* Get contribution data from api & styling

* Fixed lint & added extra group by statements for all database types

* generated swagger spec

* generated swagger spec

* generated swagger spec

* fixed swagger spec

* fmt

* Added tests

* Added setting to enable/disable user heatmap

* Added locale for loading text

* Removed UseTiDB

* Updated librejs & moment.js

* Fixed import order

* Fixed heatmap in postgresql

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-Authored-By: kolaente <konrad@kola-entertainments.de>

* Added copyright header

* Fixed a bug to show the heatmap for the actual user instead of the currently logged in

* Added integration test for heatmaps

* Added a heatmap on the dashboard

* Fixed timestamp parsing

* Hide heatmap on mobile

* optimized postgresql group by query

* Improved sqlite group by statement
2018-10-23 10:57:42 +08:00
Oleg Kovalov 5a4648cdd6 Remove check for negative length (#5120) 2018-10-20 17:25:14 -04:00
B-OnTheGo e47df0b301 Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
zeripath d293a2b9d6 Add sudo functionality to the API (#4809) 2018-09-06 23:31:29 -04:00
Lunny Xiao e48df3ee47 issues api allow pulls and fix #4832 (#4852) 2018-09-03 13:20:54 -04:00
Piotr Orzechowski a74426d631 Swagger.v1.json template (#3572)
* Turn swagger.v1.json into template

* Rename ENABLE_SWAGGER_ENDPOINT option to ENABLE_SWAGGER
2018-07-28 03:19:01 +03:00
kolaente ef6813abc9 Issue due date api (#3890)
* Implemented basic api endpoint to manage deadlines

* Fixed checking for permissions

* Updating a deadline from the ui is now entirely done via the api

* cleanup

* Cosmetics

* fixed lint + fmt

* Added swagger model definition for deadline response

* Updated gitea-sdk

* Updated gitea-sdk

* More cleanup

* Generate swagger json

* Merge branch 'master' of https://github.com/go-gitea/gitea into issue-due-date-api

# Conflicts:
#	public/swagger.v1.json

* Fixed permission to update a deadline via api

* Re-added form to change a deadline

* Added client-side validation + not ignore error messages from the api

* Added locale for error message

* Merge branch 'master' of https://github.com/go-gitea/gitea

# Conflicts:
#	models/issue_comment.go

* Proper date validation

* Fixed indention

* moved css to css file

* added documentation for error codes

* after merge cleanup

* Added swagger description

* DO NOTHING BUT TRIGGER THAT F*CKIN CI SO IT PICKS UP THE LATEST COMMIT AS IT SHOULD

* DO NOTHING BUT TRIGGER THAT F*CKIN CI SO IT PICKS UP THE LATEST COMMIT AS IT SHOULD

* regenerated stylesheets
2018-07-16 14:43:00 +02:00
techknowlogick ab55ca7ebd
Add ability to delete a token (#4235)
Fix #4234
2018-07-06 21:54:30 -04:00
Antoine GIRARD 6efdcaed86 Fix swagger security parts (#4236) 2018-06-12 19:23:00 -04:00
Ethan Koenig 7ea4bfc561 API endpoint for testing webhook (#3550)
* API endpoint for testing webhook

* Empty commit to rerun CI
2018-04-29 14:21:33 +08:00