Commit graph

3,387 commits

Author SHA1 Message Date
Kyle Evans
e461f0854f
[RFC] Make archival asynchronous (#11296)
* Make archival asynchronous

The prime benefit being sought here is for large archives to not
clog up the rendering process and cause unsightly proxy timeouts.
As a secondary benefit, archive-in-progress is moved out of the
way into a /tmp file so that new archival requests for the same
commit will not get fulfilled based on an archive that isn't yet
finished.

This asynchronous system is fairly primitive; request comes in, we'll
spawn off a new goroutine to handle it, then we'll mark it as done.
Status requests will see if the file exists in the final location,
and report the archival as done when it exists.

Fixes #11265

* Archive links: drop initial delay to three-quarters of a second

Some, or perhaps even most, archives will not take all that long to archive.
The archive process starts as soon as the download button is initially
clicked, so in theory they could be done quite quickly.  Drop the initial
delay down to three-quarters of a second to make it more responsive in the
common case of the archive being quickly created.

* archiver: restructure a little bit to facilitate testing

This introduces two sync.Cond pointers to the archiver package. If they're
non-nil when we go to process a request, we'll wait until signalled (at all)
to proceed. The tests will then create the sync.Cond so that it can signal
at-will and sanity-check the state of the queue at different phases.

The author believes that nil-checking these two sync.Cond pointers on every
archive processing will introduce minimal overhead with no impact on
maintainability.

* gofmt nit: no space around binary + operator

* services: archiver: appease golangci-lint, lock queueMutex

Locking/unlocking the queueMutex is allowed, but not required, for
Cond.Signal() and Cond.Broadcast().  The magic at play here is just a little
too much for golangci-lint, as we take the address of queueMutex and this is
mostly used in archiver.go; the variable still gets flagged as unused.

* archiver: tests: fix several timing nits

Once we've signaled a cond var, it may take some small amount of time for
the goroutines released to hit the spot we're wanting them to be at. Give
them an appropriate amount of time.

* archiver: tests: no underscore in var name, ungh

* archiver: tests: Test* is run in a separate context than TestMain

We must setup the mutex/cond variables at the beginning of any test that's
going to use it, or else these will be nil when the test is actually ran.

* archiver: tests: hopefully final tweak

Things got shuffled around such that we carefully build up and release
requests from the queue, so we can validate the state of the queue at each
step. Fix some assertions that no longer hold true as fallout.

* repo: Download: restore some semblance of previous behavior

When archival was made async, the GET endpoint was only useful if a previous
POST had initiated the download. This commit restores the previous behavior,
to an extent; we'll now submit the archive request there and return a
"202 Accepted" to indicate that it's processing if we didn't manage to
complete the request within ~2 seconds of submission.

This lets a client directly GET the archive, and gives them some indication
that they may attempt to GET it again at a later time.

* archiver: tests: simplify a bit further

We don't need to risk failure and use time.ParseDuration to get 2 *
time.Second.

else if isn't really necessary if the conditions are simple enough and lead
to the same result.

* archiver: tests: resolve potential source of flakiness

Increase all timeouts to 10 seconds; these aren't hard-coded sleeps, so
there's no guarantee we'll actually take that long. If we need longer to
not have a false-positive, then so be it.

While here, various assert.{Not,}Equal arguments are flipped around so that
the wording in error output reflects reality, where the expected argument is
second and actual third.

* archiver: setup infrastructure for notifying consumers of completion

This API will *not* allow consumers to subscribe to specific requests being
completed, just *any* request being completed. The caller is responsible for
determining if their request is satisfied and waiting again if needed.

* repo: archive: make GET endpoint synchronous again

If the request isn't complete, this endpoint will now submit the request and
wait for completion using the new API. This may still be susceptible to
timeouts for larger repos, but other endpoints now exist that the web
interface will use to negotiate its way through larger archive processes.

* archiver: tests: amend test to include WaitForCompletion()

This is a trivial one, so go ahead and include it.

* archiver: tests: fix test by calling NewContext()

The mutex is otherwise uninitialized, so we need to ensure that we're
actually initializing it if we plan to test it.

* archiver: tests: integrate new WaitForCompletion a little better

We can use this to wait for archives to come in, rather than spinning and
hoping with a timeout.

* archiver: tests: combine numQueued declaration with next-instruction assignment

* routers: repo: reap unused archiving flag from DownloadStatus()

This had some planned usage before, indicating whether this request
initiated the archival process or not. After several rounds of refactoring,
this use was deemed not necessary for much of anything and got boiled down
to !complete in all cases.

* services: archiver: restructure to use a channel

We now offer two forms of waiting for a request:
- WaitForCompletion: wait for completion with no timeout
- TimedWaitForCompletion: wait for completion with timeout

In both cases, we wait for the given request's cchan to close; in the latter
case, we do so with the caller-provided timeout. This completely removes the
need for busy-wait loops in Download/InitiateDownload, as it's fairly clean
to wait on a channel with timeout.

* services: archiver: use defer to unlock now that we can

This previously carried the lock into the goroutine, but an intermediate
step just added the request to archiveInProgress outside of the new
goroutine and removed the need for the goroutine to start out with it.

* Revert "archiver: tests: combine numQueued declaration with next-instruction assignment"

This reverts commit bcc52140238e16680f2e05e448e9be51372afdf5.

Revert "archiver: tests: integrate new WaitForCompletion a little better"

This reverts commit 9fc8bedb5667d24d3a3c7843dc28a229efffb1e6.

Revert "archiver: tests: fix test by calling NewContext()"

This reverts commit 709c35685eaaf261ebbb7d3420e3376a4ee8e7f2.

Revert "archiver: tests: amend test to include WaitForCompletion()"

This reverts commit 75261f56bc05d1fa8ff7e81dcbc0ccd93fdc9d50.

* archiver: tests: first attempt at WaitForCompletion() tests

* archiver: tests: slight improvement, less busy-loop

Just wait for the requests to complete in order, instead of busy-waiting
with a timeout.  This is slightly less fragile.

While here, reverse the arguments of a nearby assert.Equal() so that
expected/actual are correct in any test output.

* archiver: address lint nits

* services: archiver: only close the channel once

* services: archiver: use a struct{} for the wait channel

This makes it obvious that the channel is only being used as a signal,
rather than anything useful being piped through it.

* archiver: tests: fix expectations

Move the close of the channel into doArchive() itself; notably, before these
goroutines move on to waiting on the Release cond.

The tests are adjusted to reflect that we can't WaitForCompletion() after
they've already completed, as WaitForCompletion() doesn't indicate that
they've been released from the queue yet.

* archiver: tests: set cchan to nil for comparison

* archiver: move ctx.Error's back into the route handlers

We shouldn't be setting this in a service, we should just be validating the
request that we were handed.

* services: archiver: use regex to match a hash

This makes sure we don't try and use refName as a hash when it's clearly not
one, e.g. heads/pull/foo.

* routers: repo: remove the weird /archive/status endpoint

We don't need to do this anymore, we can just continue POSTing to the
archive/* endpoint until we're told the download's complete. This avoids a
potential naming conflict, where a ref could start with "status/"

* archiver: tests: bump reasonable timeout to 15s

* archiver: tests: actually release timedReq

* archiver: tests: run through inFlight instead of manually checking

While we're here, add a test for manually re-processing an archive that's
already been complete. Re-open the channel and mark it incomplete, so that
doArchive can just mark it complete again.

* initArchiveLinks: prevent default behavior from clicking

* archiver: alias gitea's context, golang context import pending

* archiver: simplify logic, just reconstruct slices

While the previous logic was perhaps slightly more efficient, the
new variant's readability is much improved.

* archiver: don't block shutdown on waiting for archive

The technique established launches a goroutine to do the wait,
which will close a wait channel upon termination. For the timeout
case, we also send back a value indicating whether the timeout was
hit or not.

The timeouts are expected to be relatively small, but still a multi-
second delay to shutdown due to this could be unfortunate.

* archiver: simplify shutdown logic

We can just grab the shutdown channel from the graceful manager instead of
constructing a channel to halt the caller and/or pass a result back.

* Style issues

* Fix mis-merge

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-07 22:27:28 +02:00
a1012112796
82cf67a93e
updateSize when create a repo with init commit (#13441)
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-11-06 23:44:08 -05:00
Lunny Xiao
35cc82abbf
Revert "Replies to outdated code comments should also be outdated (#13217)" (#13439)
This reverts commit 3cab3bee57.
2020-11-06 09:04:21 +02:00
zeripath
3cab3bee57
Replies to outdated code comments should also be outdated (#13217)
* When replying to an outdated comment it should not appear on the files page

This happened because the comment took the latest commitID as its base instead of the
reviewID that it was replying to.

There was also no way of creating an already outdated comment - and a
reply to a review on an outdated line should be outdated.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix test

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-04 17:55:15 -05:00
Lunny Xiao
afb3a5c1d5
Fix bug on release publisherid migrations (#13410)
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2020-11-03 23:47:54 +08:00
a1012112796
b687707014
Add the tag list page to the release page (#12096)
* Add the tag list page to the release page

* Add the tags list view
* Add the delete tag way on ui
* Not delete tag and clear message when delete a release

Signed-off-by: a1012112796 <1012112796@qq.com>

* Apply suggestions from code review

Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* fix ui

* Add to header

* ui

* permission

* ui

* Update options/locale/locale_en-US.ini

Co-authored-by: Lauris BH <lauris@nix.lv>

* tweaks

* monospace commit hashes

* Add read permission check

* fix permission

* fix nit

* Update web_src/less/_base.less

Co-authored-by: silverwind <me@silverwind.io>

* ui fixes

* title tweaks

* fix lint

* fix test

* fix test and some ui nits

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: silverwind <me@silverwind.io>
2020-11-02 18:10:22 -05:00
Cirno the Strongest
06268dcf53
Fix reactions on code comments (#13390)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-11-02 10:56:02 +02:00
Antoine GIRARD
f3bbd46c49
don't append key file if asked not to (#13368) 2020-10-31 20:57:41 -04:00
zeripath
47dd1cb7ae
Refactor Logger (#13294)
Refactor Logger to make a logger interface and make it possible to
wrap loggers for specific purposes.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-31 01:36:46 -04:00
John Olheiser
b5e974c8a5
Delete tag API (#13358)
* Delete tag API

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Wording

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add conflict response and fix API tests

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Fix other test

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-10-30 20:56:34 -05:00
Pedro Alves
c40df54e28
Group Label Changed Comments in timeline (#13304)
* Create function to group label comments

* Combine multiple label additions into one

* Group removed and added labels in the same comment

* Fix indentation on comments.tmpl

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2020-10-25 17:49:48 -04:00
Divyam Bhasin
7974b34183
#12897 - add mastodon provider (#13293)
* added mastodon provider to oauth code

* changed go.mod and vendor/modules.txt to add updated goth

* vendored mastodon and new goth

* committing result of go mod tidy && go mod vendor

* added pic and mastodon to oauth models

* handled instance url

* applied lafriks suggestion

* Update web_src/js/index.js

Co-authored-by: techknowlogick <matti@mdranta.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <matti@mdranta.net>
2020-10-25 14:21:49 -04:00
zeripath
4099e4f1b6
Ensure topics added using the API are added to the repository (#13285)
* Ensure topics added using the API are added to the repository

Fix #12426

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-10-24 15:11:30 +01:00
zeripath
f40a2a4404
Store task errors following migrations and display them (#13246)
* Store task errors following migrations and display them

When migrate tasks fail store the error in the task table
and ensure that they show on the status page.

Fix #13242

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update web_src/js/index.js

* Hide the failed first

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-23 19:46:35 -04:00
Paweł Bogusławski
d2ad4dec63
Avatar autogeneration fixed (#13233)
This mod fixes problem with initial avatar autogeneration and
avatar autogneration after deleting previous avatar.

Related: https://github.com/go-gitea/gitea/issues/13159
Fixes: 80a6b0f5bc
Author-Change-Id: IB#1105243
2020-10-23 20:55:10 +03:00
Lunny Xiao
be82b8f99a
Keep database transactions not too big (#13254)
* Keep database transactions not too big

* Fix #13255

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Only cache the last repo

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2020-10-22 11:45:54 -04:00
Lanre Adelowo
e918636283
Enhance release list (#6025)
* show author for releases created outside Gitea UI.

Also show the number of commits behind the default branch for tags created outside the UI

don't show the tag date again for tags pushed to the repo. Since it is already on the sidebar and looks like duplication

* add migration for already existing tags

* update as per review

* fix build

* add space

* fix import statments

* Update models/migrations/v113.go

Co-Authored-By: zeripath <art27@cantab.net>

* Update models/migrations/v114.go

Co-authored-by: 6543 <6543@obermui.de>

* Update services/release/release.go

Co-authored-by: 6543 <6543@obermui.de>

* impruve

* remove dependency on models package

* Close the gitrepos in a defer to ensure that they are closed.

* gofmt

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-21 20:55:25 -04:00
6543
48a80096bb
Update heatmap fixtures to restore tests (#13224)
* hotfix

* update ...
2020-10-20 17:39:25 -05:00
a1012112796
b9850375fc
Add review request api (#11355)
* Add review request api

* add : POST /repos/{owner}/{repo}/pulls/{index}/requested_reviewers
* Remove : DELET /repos/{owner}/{repo}/pulls/{index}/requested_reviewers
* fix some request review bug
* block delet request review by models/DeleteReview()

Signed-off-by: a1012112796 <1012112796@qq.com>

* make fmt

* fix bug

* fix test code

* fix typo

* Apply suggestion from code review @jonasfranz

* fix swagger ref

* fix typo

Co-authored-by: Lauris BH <lauris@nix.lv>

* fix comment

* Change response message

* chang response so some simplfy

* Add ErrIllLegalReviewRequest
fix some nits

* make fmt

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

* * Add team support
* fix test
* fix an known bug

* fix nit

* fix test

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* update get api and add test

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
2020-10-20 14:18:25 -04:00
6543
d453533beb
[Refactor] Move APIFormat functions into convert package (#12856)
* USER APIFormat -> ToUser

* Migrate more and mark APIFormat deprecated

* models.Comment APIFormat() -> convert.ToComment

* models.Release APIFormat() -> convert.ToRelease

* models.Attachments APIFormat() -> convert.ToReleaseAttachments

* models.CommitStatus APIFormat() -> convert.ToCommitStatus

* finish migration to convert.ToUser

* Move Test

* Imprufe Test

* fix test

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-17 00:23:08 -04:00
ydelafollye
cb171dbd56
Improve users management through the CLI (#6001) (#10492)
* Fix images in wiki edit preview (#11546)

Make sure wiki editor sets wiki to true so gitea renders it as a wiki page.

Also change the context data attr for edit form. This looks wrong but everywhere else in our code assumes the urlPrefix to be just the repo url when rendering and manually adds /wiki to the rendered url regardless.

Fixes #11540
2020-10-15 22:48:38 -04:00
Elena Neuschild
4fbe64572c
Change order of possible-owner organizations to alphabetical (#13160)
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-15 18:15:55 -04:00
Lunny Xiao
80a6b0f5bc
Avatars and Repo avatars support storing in minio (#12516)
* Avatar support minio

* Support repo avatar minio storage

* Add missing migration

* Fix bug

* Fix test

* Add test for minio store type on avatars and repo avatars; Add documents

* Fix bug

* Fix bug

* Add back missed avatar link method

* refactor codes

* Simplify the codes

* Code improvements

* Fix lint

* Fix test mysql

* Fix test mysql

* Fix test mysql

* Fix settings

* Fix test

* fix test

* Fix bug
2020-10-14 21:07:51 +08:00
赵智超
97980146c5
Show original author's reviews on pull summary box (#13127)
follow #12039, show original author's reviews by other way.
fix #11705.

Signed-off-by: a1012112796 <1012112796@qq.com>
2020-10-14 13:11:11 +01:00
赵智超
dfa7291f8f
[Enhancement] Allow admin to merge pr with protected file changes (#12078)
* [Enhancement] Allow admin to merge pr with protected file changes

As tilte, show protected message in diff page and merge box.

Signed-off-by: a1012112796 <1012112796@qq.com>

* remove unused ver

* Update options/locale/locale_en-US.ini

Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>

* Add TrN

* Apply suggestions from code review

* fix lint

* Update options/locale/locale_en-US.ini

Co-authored-by: zeripath <art27@cantab.net>

* Apply suggestions from code review

* move pr proteced files check to TestPatch
* Call TestPatch when protected branches settings changed

* Apply review suggestion @CirnoT

* move to service @lunny

* slightly restructure routers/private/hook.go

Adds a lot of comments and simplifies the logic

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* skip duplicate protected files check

* fix check logic

* slight refactor of TestPatch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* When checking for protected files changes in TestPatch use the temporary repository

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix introduced issue with hook

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove the check on PR index being greater than 0 as it unnecessary

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-13 14:50:57 -04:00
zeripath
6b1266b6b3
Provide self-registering storage system (#12978)
* Provide self-registering storage system

Signed-off-by: Andrew Thornton <art27@cantab.net>

* More simplification

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove old strings from setting

Signed-off-by: Andrew Thornton <art27@cantab.net>

* oops attachments not attachment

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-10-12 23:58:34 -04:00
6543
ade9c8dc3c
[API] If User is Admin, show 500 error message on PROD mode too (#13115)
* API: show admin 500 error message on PROD mode too

* a nit

* dont miss InternalServerError

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-12 20:41:49 -04:00
6543
f4ffe8ed54
Save TimeStamps for Star, Label, Follow, Watch and Collaboration to Database (#13124)
* Add timestamps to Star, Label, LanguageStat, Follow, Watch and Collaboration

* Star do not need updated

* LanguageStat do not need update (they wont change)

* fix unit-test
2020-10-12 20:01:57 -04:00
赵智超
8be3e439c2
Add team support for review request (#12039)
Add team support for review request

Block #11355

Signed-off-by: a1012112796 <1012112796@qq.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2020-10-12 20:55:13 +01:00
6543
9513638715
Prohibit automatic downgrades (#13108)
Prohibit automatic downgrades by checking the version of the db and warning if the version number should be lower.

Close #13107

Co-authored-by: Cirno the Strongest <1447794+CirnoT@users.noreply.github.com>
2020-10-12 15:35:56 +01:00
Chris Shyi
c752ccee64
Improve error feedback for duplicate deploy keys (#13112)
Instead of a generic HTTP 500 error page, a flash message is rendered with the deploy key page template to inform the user that a key with the intended title already exists. 

Fixes #13110
2020-10-12 14:44:56 +01:00
kolaente
64133126cd
Update golangci-lint to version 1.31.0 (#13102)
This PR updates golangci-lint to the latest version 1.31.0.

The upgrade introduced a new check for which I've fixed or disabled most cases.

Signed-off-by: kolaente <k@knt.li>
2020-10-11 21:27:20 +01:00
Wim
9066d09c57
Add ssh certificate support (#12281)
* Add ssh certificate support

* Add ssh certificate support to builtin ssh

* Write trusted-user-ca-keys.pem based on configuration

* Update app.example.ini

* Update templates/user/settings/keys_principal.tmpl

Co-authored-by: silverwind <me@silverwind.io>

* Remove unused locale string

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* Add missing creation of SSH.Rootpath

* Update cheatsheet, example and locale strings

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

* Optimizations based on feedback

* Validate CA keys for external sshd

* Add filename option and change default filename

Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is
RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem

Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.

Add some more documentation.

* Remove unneeded principalkey functions

* Add blank line

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option

This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default
email,username this means that users only can add the principals
that match their email or username.

To allow anything the admin need to set the option anything.

This allows for a safe default in gitea which protects against malicious
users using other user's prinicipals. (before that user could set it).

This commit also has some small other fixes from the last code review.

* Rewrite principal keys file on user deletion

* Use correct rewrite method

* Set correct AuthorizedPrincipalsBackup default setting

* Rewrite principalsfile when adding principals

* Add update authorized_principals option to admin dashboard

* Handle non-primary emails

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add the command actually to the dashboard template

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* By default do not show principal options unless there are CA keys set or they are explicitly set

Signed-off-by: Andrew Thornton <art27@cantab.net>

* allow settings when enabled

* Fix typos in TrustedUserCAKeys path

* Allow every CASignatureAlgorithms algorithm

As this depends on the content of TrustedUserCAKeys we should allow all
signature algorithms as admins can choose the specific algorithm on their
signing CA

* Update models/ssh_key.go

Co-authored-by: Lauris BH <lauris@nix.lv>

* Fix linting issue

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-10 20:38:09 -04:00
zeripath
6f2784911f
Fix deadlock when deleting team user (#13092)
`models.getUserRepoPermission(...)` calls `HasOrgVisible` which
uses `models.x` potentially outside of the transaction `e` provided
as an argument to `getUserRepoPermission`.

This PR switches to use `hasOrgVisible(e, ...)`.

Fix #12983

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-10 22:48:58 +03:00
zeripath
ea69ec6f0f
Disable DSA ssh keys by default (#13056)
* Disable DSA ssh keys by default

OpenSSH has disabled DSA keys since version 7.0

As the docker runs openssh > v7.0 we should just disable
DSA keys by default.

Refers to #11417

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Just disable DSA keys by default

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Appears we need to set the minimum key sizes too

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Appears we need to set the minimum key sizes too

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove DSA type

* Fix Tests

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-09 09:52:57 +03:00
zeripath
5e1c51cdb6
(Re)Load issue labels when changing them (#13007)
(Re)Load issue labels when labels are added or removed

This means that the label state that the webhooks produce accurately matches
the changes that they are reporting.

Fix #10660

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-05 09:49:11 +03:00
silverwind
cda44750cb
Attachments: Add extension support, allow all types for releases (#12465)
* Attachments: Add extension support, allow all types for releases

- Add support for file extensions, matching the `accept` attribute of `<input type="file">`
- Add support for type wildcard mime types, e.g. `image/*`
- Create repository.release.ALLOWED_TYPES setting (default unrestricted)
- Change default for attachment.ALLOWED_TYPES to a list of extensions
- Split out POST /attachments into two endpoints for issue/pr and
  releases to prevent circumvention of allowed types check

Fixes: https://github.com/go-gitea/gitea/pull/10172
Fixes: https://github.com/go-gitea/gitea/issues/7266
Fixes: https://github.com/go-gitea/gitea/pull/12460
Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers

* rename function

* extract GET routes out of RepoMustNotBeArchived

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-05 01:49:33 -04:00
6543
818d921bbb
Refactor use TrimSuffix instead of TrimRight (#12993)
* Refactor use TrimSuffix instead of TrimRight

* TrimRight right

* has #12990
2020-10-01 06:54:34 +01:00
Lunny Xiao
3878e985b6
Add default storage configurations (#12813)
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
2020-09-29 12:05:13 +03:00
zeripath
4c6ac08182
Completely quote AppPath and CustomConf paths (#12955)
* Completely quote AppPath and CustomConf paths

Properly handle spaces in AppPath and CustomConf within hooks and
authorized_keys. Unfortunately here we don't seem to be able to get away
with using go-shellquote as it appears that Windows doesn't play too
well with singlequote quoting - therefore we will avoid singlequote
quoting unless we absolutely cannot get away without it, e.g. \n or !.

Fix #10813

Signed-off-by: Andrew Thornton <art27@cantab.net>

* missing change

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix Test_CmdKeys

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-28 21:16:52 -04:00
赵智超
3c360801b3
Add IsTemplate option in create repo ui and api (#12942)
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-09-25 13:18:37 +08:00
zeripath
7a7f56044a
Adopt repositories (#12920)
* Don't automatically delete repository files if they are present

Prior to this PR Gitea would delete any repository files if they are
present during creation or migration. This can in certain circumstances
lead to data-loss and is slightly unpleasant.

This PR provides a mechanism for Gitea to adopt repositories on creation
and otherwise requires an explicit flag for deletion.

PushCreate is slightly different - the create will cause adoption if
that is allowed otherwise it will delete the data if that is allowed.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix tests and migrate overwrite

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @lunny

Only offer to adopt or overwrite if the user can do that.

Allow the site administrator to adopt or overwrite in all
circumstances

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Use setting.Repository.DefaultBranch for the default branch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Always set setting.Repository.DefaultBranch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update templates

Signed-off-by: Andrew Thornton <art27@cantab.net>

* ensure repo closed

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Rewrite of adoption as per @6543 and @lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

* update swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* missing not

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add modals and flash reporting

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Make the unadopted page searchable

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add API

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Handle empty and non-master branched repositories

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* remove commented out code

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-25 07:09:23 +03:00
ひのしば / hinoshiba
6fa19a8458
Fixed count of filtered issues when api request. (#12275)
* Improved total count of issue when filtered.

* Fixed size of slice when  selected 1 repository.

* Improved function of error check.

* improved comment

* Added parameter of return header.

Co-authored-by: 6543 <6543@obermui.de>

* Updated corresponded to the current vendored of "xorm.io/xorm".

* Dedublicated it by store the Options Struct into a variable.

* format code

* Update routers/api/v1/repo/issue.go

Co-authored-by: 6543 <6543@obermui.de>

* Update routers/api/v1/repo/issue.go

Co-authored-by: 6543 <6543@obermui.de>

* Updated number of range.

Co-authored-by: 6543 <6543@obermui.de>

* Updated number of range.

Co-authored-by: 6543 <6543@obermui.de>

* Removed total value.

* make fmt

* Improved value of sql.

Co-authored-by: zeripath <art27@cantab.net>

* Improved value of sql.

* improved message

* improved message

* improved message

* fixed message

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-24 19:30:40 -04:00
6543
2dbca92a0f
API: NotificationSubject show Issue/Pull State (#12901) 2020-09-20 19:10:53 -04:00
zeripath
4979f15c3f
Add configurable Trust Models (#11712)
* Add configurable Trust Models

Gitea's default signature verification model differs from GitHub. GitHub
uses signatures to verify that the committer is who they say they are -
meaning that when GitHub makes a signed commit it must be the committer.
The GitHub model prevents re-publishing of commits after revocation of a
key and prevents re-signing of other people's commits to create a
completely trusted repository signed by one key or a set of trusted
keys.

The default behaviour of Gitea in contrast is to always display the
avatar and information related to a signature. This allows signatures to
be decoupled from the committer. That being said, allowing arbitary
users to present other peoples commits as theirs is not necessarily
desired therefore we have a trust model whereby signatures from
collaborators are marked trusted, signatures matching the commit line
are marked untrusted and signatures that match a user in the db but not
the committer line are marked unmatched.

The problem with this model is that this conflicts with Github therefore
we need to provide an option to allow users to choose the Github model
should they wish to.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Adjust locale strings

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @6543

Co-authored-by: 6543 <6543@obermui.de>

* Update models/gpg_key.go

* Add migration for repository

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-20 00:44:55 +08:00
6543
1418288734
Refactor: move Commit To APIFormat Code & Lot of StopWatch related things (#12729)
* move GitCommit to APIFormat convertion into convert package

* rename Commit convert functions

* move stopwatch to api convertion into convert package & rm unused code & extend test

* fix compare time

* Gitea not Gogs ;)
2020-09-18 20:09:26 +08:00
赵智超
ec5677b7a2
Simplify CheckUnitUser logic (#12854)
if check one user's unit in different repos, it's not necessary to
get user data every time.

Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-15 19:49:34 -04:00
zeripath
772b5e0f54
Add migration for password algorithm change (#12784)
* Add migration for password algorithm change

#12688 changed the default for the user table leading to sync2 warnings

Unfortunately changing defaults requires a complete table rewrite in general.

However, just dropping columns could be bad - so this PR leverages the
techniques used in recreate table to recreate from the inferred schema
and recreates the user table.

This is not necessarily the correct thing to do - but code sometimes speaks
louder than words.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* oops

Signed-off-by: Andrew Thornton <art27@cantab.net>

* ok lets use the shorter bits for other dbs

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update models/migrations/v150.go

* Update models/migrations/v150.go

* fix migration

Signed-off-by: Andrew Thornton <art27@cantab.net>

* mv v150 to v151.go

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-15 18:02:41 -04:00
zeripath
e0ac545043
Add postgres schema to the search_path on database connection (#12634)
Rather than rely on the user running the gitea server and db setting the
schema search_path correctly - if gitea is run with a schema we should
simply set the search_path to have that schema first in the path.

Fix #12505

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-11 10:30:19 +01:00
zeripath
25c870faa9
Whilst changing the character set to utf8mb4 we should set ROW_FORMAT=dynamic too (#12804)
Fix #12801

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-09-11 09:25:06 +01:00