117 Commits

Author	SHA1	Message	Date
wxiaoguang	67c1a07285	Refactor AppURL usage (#30885) ... Fix #30883 Fix #29591 --------- Co-authored-by: KN4CK3R <admin@oldschoolhack.me>	2024-05-07 08:26:13 +00:00
wxiaoguang	53b55223d1	Ignore useless error message "broken pipe" (#30801) ... Fix #30792	2024-05-03 02:39:36 +00:00
Micash	ad4e902d5a	Add support for npm bundleDependencies (#30751)	2024-04-29 16:19:06 +08:00
silverwind	9b2536b78f	Update misspell to 0.5.1 and add `misspellings.csv` (#30573) ... Misspell 0.5.0 supports passing a csv file to extend the list of misspellings, so I added some common ones from the codebase. There is at least one typo in a API response so we need to decided whether to revert that and then likely remove the dict entry.	2024-04-27 08:03:49 +00:00
silverwind	74f0c84fa4	Enable more `revive` linter rules (#30608) ... Noteable additions: - `redefines-builtin-id` forbid variable names that shadow go builtins - `empty-lines` remove unnecessary empty lines that `gofumpt` does not remove for some reason - `superfluous-else` eliminate more superfluous `else` branches Rules are also sorted alphabetically and I cleaned up various parts of `.golangci.yml`.	2024-04-22 11:48:42 +00:00
Michael Kriese	bafb80f80d	Support nuspec manifest download for nuget packages (#28921) ... Support downloading nuget nuspec manifest[^1]. This is useful for renovate because it uses this api to find the corresponding repository - Store nuspec along with nupkg on upload - allow downloading nuspec - add doctor command to add missing nuspec files [^1]: https://learn.microsoft.com/en-us/nuget/api/package-base-address-resource#download-package-manifest-nuspec --------- Co-authored-by: KN4CK3R <admin@oldschoolhack.me>	2024-04-17 15:30:41 +00:00
wxiaoguang	1ad48f781e	Relax generic package filename restrictions (#30135) ... Now, the chars `=:;()[]{}~!@#$%^ &` are possible as well Fixes #30134 --------- Co-authored-by: KN4CK3R <admin@oldschoolhack.me>	2024-03-27 16:55:05 +00:00
wxiaoguang	bf6502a8f7	Fix incorrect relative/absolute URL usages (#29531) ... Add two "HTMLURL" methods for PackageDescriptor. And rename "FullWebLink" to "VersionWebLink"	2024-03-02 17:38:38 +00:00
6543	a3f05d0d98	remove util.OptionalBool and related functions (#29513) ... and migrate affected code _last refactoring bits to replace **util.OptionalBool** with **optional.Option[bool]**_	2024-03-02 16:42:31 +01:00
Lunny Xiao	29f149bd9f	Move context from modules to services (#29440) ... Since `modules/context` has to depend on `models` and many other packages, it should be moved from `modules/context` to `services/context` according to design principles. There is no logic code change on this PR, only move packages. - Move `code.gitea.io/gitea/modules/context` to `code.gitea.io/gitea/services/context` - Move `code.gitea.io/gitea/modules/contexttest` to `code.gitea.io/gitea/services/contexttest` because of depending on context - Move `code.gitea.io/gitea/modules/upload` to `code.gitea.io/gitea/services/context/upload` because of depending on context	2024-02-27 08:12:22 +01:00
KN4CK3R	1c6858543c	Integrate alpine `noarch` packages into other architectures index (#29137) ... Fixes #26691 Revert #24972 The alpine package manager expects `noarch` packages in the index of other architectures too. --------- Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2024-02-25 15:10:55 +00:00
KN4CK3R	f79c9e817a	Use `crypto/sha256` (#29386) ... Go 1.21 improved the performance of `crypto/sha256`. It's now similar to `minio/sha256-simd`, so we should just use the standard libs. https://go.dev/doc/go1.21#crypto/sha256 https://go-review.googlesource.com/c/go/+/408795 https://github.com/multiformats/go-multihash/pull/173	2024-02-25 13:32:13 +00:00
CEnnis91	6be3fda6fc	Fix swift packages not resolving (#29095) ... Fixes #29094	2024-02-08 14:45:44 +08:00
KN4CK3R	caad931385	Prevent anonymous container access if `RequireSignInView` is enabled (#28877) ... Fixes #28875 If `RequireSignInView` is enabled, the ghost user has no access rights.	2024-01-21 16:31:29 +00:00
KN4CK3R	461d8b53c2	Fix some RPM registry flaws (#28782) ... Related #26984 (https://github.com/go-gitea/gitea/pull/26984#issuecomment-1889588912) Fix admin cleanup message. Fix models `Get` not respecting default values. Rebuild RPM repository files after cleanup. Do not add RPM group to package version name. Force stable sorting of Alpine/Debian/RPM repository data. Fix missing deferred `Close`. Add tests for multiple RPM groups. Removed non-cached `ReplaceAllStringRegex`. If there are multiple groups available, it's stated in the package installation screen: 	2024-01-19 11:37:10 +00:00
Exploding Dragon	ba4d0b8ffb	Support for grouping RPMs using paths (#26984) ... The current rpm repository places all packages in the same repository, and different systems (el7,f34) may hit packages that do not belong to this distribution ( #25304 ) , which now supports grouping of rpm.  Fixes #25304 . Fixes #27056 . Refactor: [#25866](https://github.com/go-gitea/gitea/pull/25866)	2024-01-12 03:16:05 +00:00
KN4CK3R	064f05204c	Add endpoint for not implemented Docker auth (#28457) ... Recently Docker started to use the optional `POST /v2/token` endpoint which should respond with a `404 Not Found` status code instead of the current `405 Method Not Allowed`. > Note: Not all token servers implement oauth2. If the request to the endpoint returns 404 using the HTTP POST method, refer to Token Documentation for using the HTTP GET method supported by all token servers.	2023-12-13 15:23:53 -05:00
KN4CK3R	a95d5b7702	Add `HEAD` support for rpm repo files (#28309) ... Fixes https://codeberg.org/forgejo/forgejo/issues/1810 zypper uses HEAD requests to check file existence. https://github.com/openSUSE/libzypp/blob/HEAD/zypp/RepoManager.cc#L2549 https://github.com/openSUSE/libzypp/blob/HEAD/zypp-curl/ng/network/private/downloaderstates/basicdownloader_p.cc#L116 @ExplodingDragon fyi	2023-12-05 08:01:02 +00:00
merlleu	796ff26e0e	Do not force creation of _cargo-index repo on publish (#27266) ... Hello there, Cargo Index over HTTP is now prefered over git for package updates: we should not force users who do not need the GIT repo to have the repo created/updated on each publish (it can still be created in the packages settings). The current behavior when publishing is to check if the repo exist and create it on the fly if not, then update it's content. Cargo HTTP Index does not rely on the repo itself so this will be useless for everyone not using the git protocol for cargo registry. This PR only disable the creation on the fly of the repo when publishing a crate. This is linked to #26844 (error 500 when trying to publish a crate if user is missing write access to the repo) because it's now optional. --------- Co-authored-by: KN4CK3R <admin@oldschoolhack.me>	2023-10-24 03:26:38 +00:00
Nanguan Lin	5b6258a0b9	Fix the wrong HTTP response status code for duplicate packages (#27480) ... fix #27470 (hope there is nothing missing 😢 ) --------- Co-authored-by: KN4CK3R <admin@oldschoolhack.me>	2023-10-10 15:39:58 +02:00
JakobDev	7047df36d4	Another round of `db.DefaultContext` refactor (#27103) ... Part of #27065 --------- Co-authored-by: KN4CK3R <admin@oldschoolhack.me>	2023-09-25 13:17:37 +00:00
KN4CK3R	d513628db9	Allow empty Conan files (#27092) ... Fixes #27090 Looks like the Conan upload process has changed since last year. The empty uploads don't occur anymore.	2023-09-15 23:14:36 +00:00
JakobDev	c548dde205	More refactoring of `db.DefaultContext` (#27083) ... Next step of #27065	2023-09-15 06:13:19 +00:00
CaiCandong	a78c2eae24	Replace `util.SliceXxx` with `slices.Xxx` (#26958)	2023-09-07 09:37:47 +00:00
Lunny Xiao	540bf9fa6d	Move notification interface to services layer (#26915) ... Extract from #22266	2023-09-05 18:37:47 +00:00
KN4CK3R	0eebeeec90	Remove `Named` interface (#26913) ... `Named` is implemented by every `Method` and future implementations should implement the method too.	2023-09-05 15:58:30 +00:00
merlleu	a587d25261	Add auth-required to config.json for Cargo http registry (#26729) ... Cargo registry-auth feature requires config.json to have a property auth-required set to true in order to send token to all registry requests. This is ok for git index because you can manually edit the config.json file to add the auth-required, but when using sparse (setting index url to "sparse+https://git.example.com/api/packages/{owner}/cargo/"), the config.json is dynamically rendered, and does not reflect changes to the config.json file in the repo. I see two approaches: - Serve the real config.json file when fetching the config.json on the cargo service. - Automatically detect if the registry requires authorization. (This is what I implemented in this PR). What the PR does: - When a cargo index repository is created, on the config.json, set auth-required to wether or not the repository is private. - When the cargo/config.json endpoint is called, set auth-required to wether or not the request was authorized using an API token.	2023-08-28 07:05:39 +00:00
KN4CK3R	ecd51f710b	Fix NuGet search endpoints (#25613) ... Fixes #25564 Fixes #23191 - Api v2 search endpoint should return only the latest version matching the query - Api v3 search endpoint should return `take` packages not package versions	2023-08-14 02:50:55 +00:00
KN4CK3R	2d7fe4cc1e	Fix handling of plenty Nuget package versions (#26075) ... Fixes #25953 - Do not load full version information (v3) - Add pagination support (v2)	2023-07-26 19:43:21 +00:00
KN4CK3R	6aa30af724	Fix handling of Debian files with trailing slash (#26087) ... Fixes #26022 - Fix handling of files with trailing slash - Fix handling of duplicate package file errors - Added test for both	2023-07-24 16:19:44 +02:00
delvh	f3d41c61eb	Remove `db.DefaultContext` in `routers/` and `cmd/` (#26076) ... Now, the only remaining usages of `models.db.DefaultContext` are in - `modules` - `models` - `services`	2023-07-23 23:47:27 -04:00
wxiaoguang	9b25bfa8f4	Remove redundant "RouteMethods" method (#26024) ... The `RouteMethods` is mainly an alias for `Methods` with different argument order. Remove it to keep the "route.go" code clear	2023-07-21 00:43:49 +02:00
KN4CK3R	bd82d8974e	Add support for different Maven POM encoding (#25873) ... Fixes #25853 - Maven POM files aren't always UTF-8 encoded. - Reject the upload of unparsable POM files	2023-07-14 09:39:15 +00:00
KN4CK3R	115f40e433	Test if container blob is accessible before mounting (#22759) ... related #16865 This PR adds an accessibility check before mounting container blobs. --------- Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: silverwind <me@silverwind.io>	2023-07-09 11:24:43 +00:00
silverwind	88f835192d	Replace `interface{}` with `any` (#25686) ... Result of running `perl -p -i -e 's#interface\{\}#any#g' **/*` and `make fmt`. Basically the same [as golang did](2580d0e08d).	2023-07-04 18:36:08 +00:00
KN4CK3R	c890454769	Add direct serving of package content (#25543) ... Fixes #24723 Direct serving of content aka HTTP redirect is not mentioned in any of the package registry specs but lots of official registries do that so it should be supported by the usual clients.	2023-07-03 15:33:28 +02:00
wxiaoguang	4e2f1ee58d	Refactor web package and context package (#25298) ... 1. The "web" package shouldn't depends on "modules/context" package, instead, let each "web context" register themselves to the "web" package. 2. The old Init/Free doesn't make sense, so simplify it * The ctx in "Init(ctx)" is never used, and shouldn't be used that way * The "Free" is never called and shouldn't be called because the SSPI instance is shared --------- Co-authored-by: Giteabot <teabot@gitea.io>	2023-06-18 09:59:09 +02:00
KN4CK3R	cdb088cec2	Add CRAN package registry (#22331) ... This PR adds a [CRAN](https://cran.r-project.org/) package registry. 	2023-05-22 10:57:49 +08:00
wxiaoguang	6b33152b7d	Decouple the different contexts from each other (#24786) ... Replace #16455 Close #21803 Mixing different Gitea contexts together causes some problems: 1. Unable to respond proper content when error occurs, eg: Web should respond HTML while API should respond JSON 2. Unclear dependency, eg: it's unclear when Context is used in APIContext, which fields should be initialized, which methods are necessary. To make things clear, this PR introduces a Base context, it only provides basic Req/Resp/Data features. This PR mainly moves code. There are still many legacy problems and TODOs in code, leave unrelated changes to future PRs.	2023-05-21 09:50:53 +08:00
KN4CK3R	5968c63a11	Add Go package registry (#24687) ... Fixes #7608 This PR adds a Go package registry usable with the Go proxy protocol. 	2023-05-14 23:38:40 +08:00
KN4CK3R	9173e079ae	Add Alpine package registry (#23714) ... This PR adds an Alpine package registry. You can follow [this tutorial](https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package) to build a *.apk package for testing. This functionality is similar to the Debian registry (#22854) and therefore shares some methods. I marked this PR as blocked because it should be merged after #22854.  --------- Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io>	2023-05-12 17:27:50 +00:00
KN4CK3R	05209f0d1d	Add RPM registry (#23380) ... Fixes #20751 This PR adds a RPM package registry. You can follow [this tutorial](https://opensource.com/article/18/9/how-build-rpm-packages) to build a *.rpm package for testing. This functionality is similar to the Debian registry (#22854) and therefore shares some methods. I marked this PR as blocked because it should be merged after #22854. 	2023-05-05 20:33:37 +00:00
KN4CK3R	723598b803	Implement Cargo HTTP index (#24452) ... This implements the HTTP index [RFC](https://rust-lang.github.io/rfcs/2789-sparse-index.html) for Cargo registries. Currently this is a preview feature and you need to use the nightly of `cargo`: `cargo +nightly -Z sparse-registry update` See https://github.com/rust-lang/cargo/issues/9069 for more information. --------- Co-authored-by: Giteabot <teabot@gitea.io>	2023-05-03 16:58:43 -04:00
KN4CK3R	bf999e4069	Add Debian package registry (#24426) ... Co-authored-by: @awkwardbunny This PR adds a Debian package registry. You can follow [this tutorial](https://www.baeldung.com/linux/create-debian-package) to build a *.deb package for testing. Source packages are not supported at the moment and I did not find documentation of the architecture "all" and how these packages should be treated.  Part of #20751. Revised copy of #22854. --------- Co-authored-by: Brian Hong <brian@hongs.me> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Giteabot <teabot@gitea.io>	2023-05-02 12:31:35 -04:00
Yarden Shoham	c0ddec8a2a	Revert "Add Debian package registry" (#24412) ... Reverts go-gitea/gitea#22854	2023-04-28 18:06:41 -04:00
KN4CK3R	bf77e2163b	Add Debian package registry (#22854) ... Co-authored-by: @awkwardbunny This PR adds a Debian package registry. You can follow [this tutorial](https://www.baeldung.com/linux/create-debian-package) to build a *.deb package for testing. Source packages are not supported at the moment and I did not find documentation of the architecture "all" and how these packages should be treated. --------- Co-authored-by: Brian Hong <brian@hongs.me> Co-authored-by: techknowlogick <techknowlogick@gitea.io>	2023-04-28 17:51:36 -04:00
John Olheiser	5e36024105	Require repo scope for PATs for private repos and basic authentication (#24362) ... > The scoped token PR just checked all API routes but in fact, some web routes like `LFS`, git `HTTP`, container, and attachments supports basic auth. This PR added scoped token check for them. --------- Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-04-26 19:24:03 -05:00
wxiaoguang	b9a97ccd0e	Refactor web route (#24080) ... The old code is unnecessarily complex, and has many misuses. Old code "wraps" a lot, wrap wrap wrap, it's difficult to understand which kind of handler is used. The new code uses a general approach, we do not need to write all kinds of handlers into the "wrapper", do not need to wrap them again and again. New code, there are only 2 concepts: 1. HandlerProvider: `func (h any) (handlerProvider func (next) http.Handler)`, it can be used as middleware 2. Use HandlerProvider to get the final HandlerFunc, and use it for `r.Get()` And we can decouple the route package from context package (see the TODO). # FAQ ## Is `reflect` safe? Yes, all handlers are checked during startup, see the `preCheckHandler` comment. If any handler is wrong, developers could know it in the first time. ## Does `reflect` affect performance? No. https://github.com/go-gitea/gitea/pull/24080#discussion_r1164825901 1. This reflect code only runs for each web handler call, handler is far more slower: 10ms-50ms 2. The reflect is pretty fast (comparing to other code): 0.000265ms 3. XORM has more reflect operations already	2023-04-20 14:49:06 -04:00
yp05327	bb6c670cff	Add actions support to package auth verification (#23729) ... Partly fixes https://github.com/go-gitea/gitea/issues/23642 Error info:  ActionsUser (userID -2) is used to login in to docker in action jobs. Due to we have no permission policy settings of ActionsUser now, ActionsUser can only access public registry by this quick fix.	2023-04-10 15:21:03 +08:00
KN4CK3R	fbd4eaceed	Display image size for multiarch container images (#23821) ... Fixes #23771 Changes the display of different architectures for multiarch images to show the image size: 	2023-04-02 17:53:37 +08:00