gitea

mirror of https://github.com/go-gitea/gitea.git synced 2024-05-21 06:06:10 +02:00

Author	SHA1	Message	Date
Sergey Zolotarev	7b79be24ca	Fix panic in storageHandler (#27446 ) storageHandler() is written as a middleware but is used as an endpoint handler, and thus `next` is actually `nil`, which causes a null pointer dereference when a request URL does not match the pattern (where it calls `next.ServerHTTP()`). Example CURL command to trigger the panic: ``` curl -I "http://yourhost/gitea//avatars/a" ``` Fixes #27409 --- Note: the diff looks big but it's actually a small change - all I did was to remove the outer closure (and one level of indentation) ~and removed the HTTP method and pattern checks as they seem redundant because go-chi already does those checks~. You might want to check "Hide whitespace" when reviewing it. Alternative solution (a bit simpler): append `, misc.DummyOK` to the route declarations that utilize `storageHandler()` - this makes it return an empty response when the URL is invalid. I've tested this one and it works too. Or maybe it would be better to return a 400 error in that case (?)	2023-10-06 13:23:14 +00:00
Lunny Xiao	d6dd6d641b	Fix all possible setting error related storages and added some tests (#23911 ) Follow up #22405 Fix #20703 This PR rewrites storage configuration read sequences with some breaks and tests. It becomes more strict than before and also fixed some inherit problems. - Move storage's MinioConfig struct into setting, so after the configuration loading, the values will be stored into the struct but not still on some section. - All storages configurations should be stored on one section, configuration items cannot be overrided by multiple sections. The prioioty of configuration is `[attachment]` > `[storage.attachments]` \| `[storage.customized]` > `[storage]` > `default` - For extra override configuration items, currently are `SERVE_DIRECT`, `MINIO_BASE_PATH`, `MINIO_BUCKET`, which could be configured in another section. The prioioty of the override configuration is `[attachment]` > `[storage.attachments]` > `default`. - Add more tests for storages configurations. - Update the storage documentations. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2023-06-14 11:42:38 +08:00
wxiaoguang	a94a8d0ab1	Use standard HTTP library to serve files (#24693 ) `http.ServeFile/ServeContent` handles `If-xxx`, `Content-Length`, `Range` and `Etag` correctly After this PR, storage files (eg: avatar) could be responded with correct Content-Length.	2023-05-13 16:04:57 +02:00
wxiaoguang	5d77691d42	Improve template system and panic recovery (#24461 ) Partially for #24457 Major changes: 1. The old `signedUserNameStringPointerKey` is quite hacky, use `ctx.Data[SignedUser]` instead 2. Move duplicate code from `Contexter` to `CommonTemplateContextData` 3. Remove incorrect copying&pasting code `ctx.Data["Err_Password"] = true` in API handlers 4. Use one unique `RenderPanicErrorPage` for panic error page rendering 5. Move `stripSlashesMiddleware` to be the first middleware 6. Install global panic recovery handler, it works for both `install` and `web` 7. Make `500.tmpl` only depend minimal template functions/variables, avoid triggering new panics Screenshot: <details> ![image](https://user-images.githubusercontent.com/2114189/235444895-cecbabb8-e7dc-4360-a31c-b982d11946a7.png) </details>	2023-05-04 14:36:34 +08:00
wxiaoguang	e3750370df	Use globally shared HTMLRender (#24436 ) The old `HTMLRender` is not ideal. 1. It shouldn't be initialized multiple times, it consumes a lot of memory and is slow. 2. It shouldn't depend on short-lived requests, the `WatchLocalChanges` needs a long-running context. 3. It doesn't make sense to use FuncsMap slice. HTMLRender was designed to only work for GItea's specialized 400+ templates, so it's good to make it a global shared instance.	2023-04-30 08:22:23 -04:00
wxiaoguang	92fd3fc4fd	Refactor "route" related code, fix Safari cookie bug (#24330 ) Fix #24176 Clean some misuses of route package, clean some legacy FIXMEs --------- Co-authored-by: Giteabot <teabot@gitea.io>	2023-04-27 02:06:45 -04:00
wxiaoguang	1ab16e48cc	Improve Wiki TOC (#24137 ) The old code has a lot of technical debts, eg: `repo/wiki/view.tmpl` / `Iterate` This PR improves the Wiki TOC display and improves the code. --------- Co-authored-by: delvh <dev.lh@web.de>	2023-04-17 15:05:19 -04:00
wxiaoguang	ce9dee5a1e	Introduce path Clean/Join helper functions (#23495 ) Since #23493 has conflicts with latest commits, this PR is my proposal for fixing #23371 Details are in the comments And refactor the `modules/options` module, to make it always use "filepath" to access local files. Benefits: * No need to do `util.CleanPath(strings.ReplaceAll(p, "\\", "/"))), "/")` any more (not only one before) * The function behaviors are clearly defined	2023-03-21 16:02:49 -04:00
Yarden Shoham	af0468ed8d	Set `X-Gitea-Debug` header once (#23361 ) Instead of adding it # Before On the raw commit page: ![image](https://user-images.githubusercontent.com/20454870/223470744-cdf11898-e023-4198-8c8b-c294e5d78b73.png) # After ![image](https://user-images.githubusercontent.com/20454870/223470596-af898d66-bd5b-4ddb-b220-ceb1f149bfec.png) Fixes #23308 --------- Signed-off-by: Yarden Shoham <hrsi88@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: John Olheiser <john.olheiser@gmail.com>	2023-03-08 15:40:04 -05:00
Lunny Xiao	b116418f05	Use CleanPath instead of path.Clean (#23371 ) As title.	2023-03-08 20:17:39 +08:00
flynnnnnnnnnn	e81ccc406b	Implement FSFE REUSE for golang files (#21840 ) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>	2022-11-27 18:20:29 +00:00
zeripath	bb0ff77e46	Share HTML template renderers and create a watcher framework (#20218 ) The recovery, API, Web and package frameworks all create their own HTML Renderers. This increases the memory requirements of Gitea unnecessarily with duplicate templates being kept in memory. Further the reloading framework in dev mode for these involves locking and recompiling all of the templates on each load. This will potentially hide concurrency issues and it is inefficient. This PR stores the templates renderer in the context and stores this context in the NormalRoutes, it then creates a fsnotify.Watcher framework to watch files. The watching framework is then extended to the mailer templates which were previously not being reloaded in dev. Then the locales are simplified to a similar structure. Fix #20210 Fix #20211 Fix #20217 Signed-off-by: Andrew Thornton <art27@cantab.net>	2022-08-28 10:43:25 +01:00
silverwind	14178c56bb	Add Cache-Control header to html and api responses, add no-transform (#20432 ) `no-transform` allegedly disables CloudFlare auto-minify and we did not set caching headers on html or api requests, which seems good to have regardless. Transformation is still allowed for asset requests. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Andrew Thornton <art27@cantab.net>	2022-07-23 14:38:03 +08:00
Gusted	d55a0b7238	Refactor `i18n` to `locale` (#20153 ) * Refactor `i18n` to `locale` - Currently we're using the `i18n` variable naming for the `locale` struct. This contains locale's specific information and cannot be used for general i18n purpose, therefore refactoring it to `locale` makes more sense. - Ref: https://github.com/go-gitea/gitea/pull/20096#discussion_r906699200 * Update routers/install/install.go	2022-06-27 15:58:46 -05:00
Guo Y.K	3e5ea9a978	Update base.go (#19739 ) use http.StatusTemporaryRedirect(307) when serve avatar directly browser caches 301 redirections, pre-signed s3 url would expire at some later point Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>	2022-05-19 11:20:34 -04:00
KN4CK3R	3f280f89e7	Update HTTP status codes to modern codes (#18063 ) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect	2022-03-23 12:54:07 +08:00
zeripath	3f71ab9a12	Clean paths when looking in Storage (#19124 ) * Clean paths when looking in Storage Ensure paths are clean for minio aswell as local storage. Use url.Path not RequestURI/EscapedPath in storageHandler. Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review Co-authored-by: Lauris BH <lauris@nix.lv>	2022-03-22 17:02:26 -04:00
6543	54e9ee37a7	format with gofumpt (#18184 ) * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt	2022-01-20 18:46:10 +01:00
wxiaoguang	5bf8d5445e	Refactor Router Logger (#17308 ) Make router logger more friendly, show the related function name/file/line. [BREAKING] This PR substantially changes the logging format of the router logger. If you use this logging for monitoring e.g. fail2ban you will need to update this to match the new format.	2022-01-20 19:41:25 +08:00
Gusted	ab1379743e	Fix nil checking on typed interface (#17598 ) * Fix nil checking on typed interface - Partially resoles #17596 - Resolves SA4023 errors. - Ensure correctly that typed interface are nil. * Remove unnecessary code `NewBleveIndexer` will never return nil, even on errors. * Patch `NewBleveIndexer` * Fix low-level functions * Remove deadcode * Fix GetSession * Close Elastic search when err isn't nil * Update elastic_search.go Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2021-11-15 21:16:11 +08:00
Lunny Xiao	f494776931	Use a variable but a function for IsProd because of a slight performance increment (#17368 )	2021-10-20 16:37:19 +02:00
Lunny Xiao	37b29319aa	Fix bug of get context user (#17169 ) Co-authored-by: 6543 <6543@obermui.de>	2021-09-28 21:13:04 +08:00
zeripath	afd88a2418	Allow setting X-FRAME-OPTIONS (#16643 ) * Allow setting X-FRAME-OPTIONS This PR provides a mechanism to set the X-FRAME-OPTIONS header. Fix #7951 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update docs/content/doc/advanced/config-cheat-sheet.en-us.md Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>	2021-08-06 16:47:10 -04:00
Lunny Xiao	fb3ffeb18d	Add sso.Group, context.Auth, context.APIAuth to allow auth special routes (#16086 ) * Add sso.Group, context.Auth, context.APIAuth to allow auth special routes * Remove unnecessary check * Rename sso -> auth * remove unused method of Auth interface	2021-06-09 19:53:16 +02:00
Lunny Xiao	1bfb0a24d8	Refactor routers directory (#15800 ) * refactor routers directory * move func used for web and api to common * make corsHandler a function to prohibit side efects * rm unused func Co-authored-by: 6543 <6543@obermui.de>	2021-06-09 01:33:54 +02:00

25 Commits