171 Commits

Author	SHA1	Message	Date
KN4CK3R	df789d962b	Add Cargo package registry (#21888) ... This PR implements a [Cargo registry](https://doc.rust-lang.org/cargo/) to manage Rust packages. This package type was a little bit more complicated because Cargo needs an additional Git repository to store its package index. Screenshots:    --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-02-05 18:12:31 +08:00
zeripath	2914c5299b	Improve error report when user passes a private key (#22726) ... The error reported when a user passes a private ssh key as their ssh public key is not very nice. This PR improves this slightly. Ref #22693 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de>	2023-02-02 18:25:54 +00:00
Felipe Leopoldo Sologuren Gutiérrez	15c035775a	Add main landmark to templates and adjust titles (#22670) ... * Add main aria landmark to templates * Adjust some titles to improve understanding of location in navigation Contributed by @Forgejo	2023-02-01 22:56:10 +00:00
KN4CK3R	5882e179a9	Add user secrets (#22191) ... Fixes #22183 Replaces #22187 This PR adds secrets for users. I refactored the files for organizations and repos to use the same logic and templates. I splitted the secrets from deploy keys again and reverted the fix from #22187. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-02-01 20:53:04 +08:00
Lunny Xiao	6fe3c8b398	Support org/user level projects (#22235) ... Fix #13405 <img width="1151" alt="image" src="https://user-images.githubusercontent.com/81045/209442911-7baa3924-c389-47b6-b63b-a740803e640e.png"> Co-authored-by: 6543 <6543@obermui.de>	2023-01-20 19:42:33 +08:00
Chongyi Zheng	de484e86bc	Support scoped access tokens (#20908) ... This PR adds the support for scopes of access tokens, mimicking the design of GitHub OAuth scopes. The changes of the core logic are in `models/auth` that `AccessToken` struct will have a `Scope` field. The normalized (no duplication of scope), comma-separated scope string will be stored in `access_token` table in the database. In `services/auth`, the scope will be stored in context, which will be used by `reqToken` middleware in API calls. Only OAuth2 tokens will have granular token scopes, while others like BasicAuth will default to scope `all`. A large amount of work happens in `routers/api/v1/api.go` and the corresponding `tests/integration` tests, that is adding necessary scopes to each of the API calls as they fit. - [x] Add `Scope` field to `AccessToken` - [x] Add access control to all API endpoints - [x] Update frontend & backend for when creating tokens - [x] Add a database migration for `scope` column (enable 'all' access to past tokens) I'm aiming to complete it before Gitea 1.19 release. Fixes #4300	2023-01-17 15:46:03 -06:00
Felipe Leopoldo Sologuren Gutiérrez	04c97aa364	Change use of Walk to WalkDir to improve disk performance (#22462) ... As suggest by Go developers, use `filepath.WalkDir` instead of `filepath.Walk` because [*Walk is less efficient than WalkDir, introduced in Go 1.16, which avoids calling `os.Lstat` on every file or directory visited](https://pkg.go.dev/path/filepath#Walk). This proposition address that, in a similar way as https://github.com/go-gitea/gitea/pull/22392 did. Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-01-16 16:21:44 +00:00
techknowlogick	6f231a7980	Replace deprecated Webauthn library (#22400) ... Fix #22052 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-01-11 21:51:00 -05:00
Jason Song	477a1cc40e	Improve utils of slices (#22379) ... - Move the file `compare.go` and `slice.go` to `slice.go`. - Fix `ExistsInSlice`, it's buggy - It uses `sort.Search`, so it assumes that the input slice is sorted. - It passes `func(i int) bool { return slice[i] == target })` to `sort.Search`, that's incorrect, check the doc of `sort.Search`. - Conbine `IsInt64InSlice(int64, []int64)` and `ExistsInSlice(string, []string)` to `SliceContains[T]([]T, T)`. - Conbine `IsSliceInt64Eq([]int64, []int64)` and `IsEqualSlice([]string, []string)` to `SliceSortedEqual[T]([]T, T)`. - Add `SliceEqual[T]([]T, T)` as a distinction from `SliceSortedEqual[T]([]T, T)`. - Redesign `RemoveIDFromList([]int64, int64) ([]int64, bool)` to `SliceRemoveAll[T]([]T, T) []T`. - Add `SliceContainsFunc[T]([]T, func(T) bool)` and `SliceRemoveAllFunc[T]([]T, func(T) bool)` for general use. - Add comments to explain why not `golang.org/x/exp/slices`. - Add unit tests.	2023-01-11 13:31:16 +08:00
John Olheiser	fcd6ceef2b	fix: code search title translation (#22285) ... `code.title` isn't an existing translation. `explore.code` is the translation used for the tab, which I think matches closely enough for this instead of a brand new translation. Open to feedback on whether a new translation would be preferred instead. Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv>	2023-01-02 17:18:08 +08:00
Gusted	b76970f2e4	Fix key signature error page (#22229) ... - When the GPG key contains an error, such as an invalid signature or an email address that does not match the user.A page will be shown that says you must provide a signature for the token. - This page had two errors: one had the wrong translation key and the other tried to use an undefined variable [`.PaddedKeyID`](e81ccc406b/models/asymkey/gpg_key.go (L65-L72)), which is a function implemented on the `GPGKey` struct, given that we don't have that, we use [`KeyID`](e81ccc406b/routers/web/user/setting/keys.go (L102)) which is [the fingerprint of the publickey](https://pkg.go.dev/golang.org/x/crypto/openpgp/packet#PublicKey.KeyIdString) and is a valid way for opengpg to refer to a key. Before:  After:  Co-authored-by: zeripath <art27@cantab.net>	2022-12-30 12:53:05 +08:00
KN4CK3R	a35749893b	Move `convert` package to services (#22264) ... Addition to #22256 The `convert` package relies heavily on different models which is [disallowed by our definition of modules](https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md#design-guideline). This helps to prevent possible import cycles. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2022-12-29 10:57:15 +08:00
KN4CK3R	309e86a9bf	Use dynamic package type list (#22263) ... Replace the hardcoded list with the dynamic list.	2022-12-29 00:31:54 +01:00
Lunny Xiao	36a2d2f919	Add a simple test for external renderer (#20033) ... Fix #16402	2022-12-12 20:45:21 +08:00
Lunny Xiao	68704532c2	Rename almost all Ctx functions (#22071)	2022-12-10 10:46:31 +08:00
Lunny Xiao	0a7d3ff786	refactor some functions to support ctx as first parameter (#21878) ... Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: Lauris BH <lauris@nix.lv>	2022-12-03 10:48:26 +08:00
Jason Song	f59a74852b	Update gitea-vet to check FSFE REUSE (#22004) ... Related to: - #21840 - https://gitea.com/gitea/gitea-vet/pulls/21 What it looks like when it's working: https://drone.gitea.io/go-gitea/gitea/64040/1/5 All available SPDX license identifiers: [SPDX License List](https://spdx.org/licenses/). Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2022-12-02 22:14:57 +08:00
flynnnnnnnnnn	e81ccc406b	Implement FSFE REUSE for golang files (#21840) ... Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>	2022-11-27 18:20:29 +00:00
KN4CK3R	fc7a2d5a95	Add support for HEAD requests in Maven registry (#21834) ... Related #18543 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2022-11-24 16:25:13 +02:00
KN4CK3R	32db62515f	Add package registry cleanup rules (#21658) ... Fixes #20514 Fixes #20766 Fixes #20631 This PR adds Cleanup Rules for the package registry. This allows to delete unneeded packages automatically. Cleanup rules can be set up from the user or org settings. Please have a look at the documentation because I'm not a native english speaker. Rule Form  Rule List  Rule Preview  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2022-11-20 16:08:38 +02:00
KN4CK3R	044c754ea5	Add `context.Context` to more methods (#21546) ... This PR adds a context parameter to a bunch of methods. Some helper `xxxCtx()` methods got replaced with the normal name now. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2022-11-19 16:12:33 +08:00
delvh	0ebb45cfe7	Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) ... Found using `find . -type f -name '*.go' -print -exec vim {} -c ':%s/fmt\.Errorf(\(.*\)%v\(.*\)err/fmt.Errorf(\1%w\2err/g' -c ':wq' \;` Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-10-24 20:29:17 +01:00
M Hickford	191a74d622	Record OAuth client type at registration (#21316) ... The OAuth spec [defines two types of client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1), confidential and public. Previously Gitea assumed all clients to be confidential. > OAuth defines two client types, based on their ability to authenticate securely with the authorization server (i.e., ability to > maintain the confidentiality of their client credentials): > > confidential > Clients capable of maintaining the confidentiality of their credentials (e.g., client implemented on a secure server with > restricted access to the client credentials), or capable of secure client authentication using other means. > > **public > Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the resource owner, such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.** > > The client type designation is based on the authorization server's definition of secure authentication and its acceptable exposure levels of client credentials. The authorization server SHOULD NOT make assumptions about the client type. https://datatracker.ietf.org/doc/html/rfc8252#section-8.4 > Authorization servers MUST record the client type in the client registration details in order to identify and process requests accordingly. Require PKCE for public clients: https://datatracker.ietf.org/doc/html/rfc8252#section-8.1 > Authorization servers SHOULD reject authorization requests from native apps that don't use PKCE by returning an error message Fixes #21299 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2022-10-24 15:59:24 +08:00
KN4CK3R	876ee8c3cd	Allow package version sorting (#21453)	2022-10-23 09:18:15 +08:00
KN4CK3R	a577214760	Add some api integration tests (#18872) ... depends on #18871 Added some api integration tests to help testing of #18798. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>	2022-10-18 00:23:27 +08:00
Gusted	5d3dbffa15	Return 404 when user is not found on avatar (#21476) ... - Instead of returning a 500 Internal Server when the user wasn't found, return 404 Not found	2022-10-16 19:48:17 +01:00
Lauris BH	b59b0cad0a	Add user/organization code search (#19977) ... Fixes #19925 Screenshots: 	2022-10-11 00:12:03 +01:00
qwerty287	a813c9d8f3	Allow creation of OAuth2 applications for orgs (#18084) ... Adds the settings pages to create OAuth2 apps also to the org settings and allows to create apps for orgs. Refactoring: the oauth2 related templates are shared for instance-wide/org/user, and the backend code uses `OAuth2CommonHandlers` to share code for instance-wide/org/user. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-10-09 20:07:41 +08:00
qwerty287	08609d439d	Add pages to view watched repos and subscribed issues/PRs (#17156) ... Adds GitHub-like pages to view watched repos and subscribed issues/PRs This is my second try to fix this, but it is better than the first since it doesn't uses a filter option which could be slow when accessing `/issues` or `/pulls` and it shows both pulls and issues (the first try is #17053). Closes #16111 Replaces and closes #17053  Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-09-29 22:09:14 +03:00
KN4CK3R	dc0253b063	Replace `ServeStream` with `ServeContent` (#20903) ... * Replace ServeStream with ServeContent. * Update modules/timeutil/timestamp.go Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>	2022-08-25 12:05:21 -04:00
Lunny Xiao	1d8543e7db	Move some files into models' sub packages (#20262) ... * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>	2022-08-25 10:31:57 +08:00
CodeDoctor	aedfc923ad	Improve single repo action for issue and pull requests (#20730) ... Related to #20650. This will fix the behavior of the single repo action for pull requests and disables the button for other screens that don't have a single repo action currently.	2022-08-22 13:51:48 +01:00
zeripath	68f3aaee80	Remove calls to load Mirrors in user.Dashboard (#20855) ... Whilst looking at #20840 I noticed that the Mirrors data doesn't appear to be being used therefore we can remove this and in fact none of the related code is used elsewhere so it can also be removed. Related #20840 Related #20804 Signed-off-by: Andrew Thornton <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>	2022-08-18 20:53:31 -04:00
techknowlogick	d8e6c99125	Add badge capabilities to users (#20607) ... Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: John Olheiser <john.olheiser@gmail.com>	2022-08-18 02:25:25 +03:00
parnic	7503cd35c2	Use the total issue count for UI (#20785) ... * Use the total issue count for UI This fixes a problem where the "All" line item on the Issues or Pull Requests page was only showing the count of the selected repos instead of the total of all issues/prs in all repos. The "total number of shown issues" number is now stashed in a different context variable in case it wants to be used by the frontend later. It's currently not being used. Fixes #20574 * Remove unused context variable Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2022-08-17 21:13:41 +08:00
CodeDoctor	36f9ee5813	Add an option to create new issues from "/issues" page (#20650)	2022-08-09 19:30:09 +08:00
6543	0b12abcfb5	Add missing Tabs on organisation/package view (Frontport #20539) (#20540) ... hotfix #20106	2022-07-31 14:32:51 +02:00
Tyrone Yeh	3bd8f50af8	Added email notification option to receive all own messages (#20179) ... Sometimes users want to receive email notifications of messages they create or reply to, Added an option to personal preferences to allow users to choose Closes #20149	2022-07-28 16:30:12 +08:00
KN4CK3R	86e5268c39	Add Docker /v2/_catalog endpoint (#20469) ... * Added properties for packages. * Fixed authenticate header format. * Added _catalog endpoint. * Check owner visibility. * Extracted condition. * Added test for _catalog. Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-07-28 11:59:39 +08:00
KN4CK3R	a3d55ac523	Hide internal package versions (#20492) ... * Hide internal versions from most searches. * Added test.	2022-07-27 09:59:10 +08:00
Tyrone Yeh	16edee85bd	Add repository condition for issue count (#20454) ... * Add repository condition for issue count * Update routers/web/user/home.go Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2022-07-24 19:53:40 +03:00
zeripath	bffa303020	Add option to purge users (#18064) ... Add the ability to purge users when deleting them. Close #15588 Signed-off-by: Andrew Thornton <art27@cantab.net>	2022-07-14 08:22:09 +01:00
zeripath	45f17528a8	Only show Followers that current user can access (#20220) ... Users who are following or being followed by a user should only be displayed if the viewing user can see them. Signed-off-by: Andrew Thornton <art27@cantab.net>	2022-07-05 16:47:45 +01:00
Lunny Xiao	85d960d2a1	Hide notify mail setting ui if not enabled (#20138)	2022-06-28 00:59:47 +08:00
Gusted	0048595811	Remove U2F support (#20141) ... - Completely remove U2F support from 1.18.0, 1.17.0 will be the last release that U2F is somewhat supported. Users who used U2F would already be warned about using U2F for a while now and should hopefully already be migrated. But starting 1.18 definitely remove it.	2022-06-26 21:20:58 -05:00
Gusted	5d3f99c7c6	Make better use of i18n (#20096) ... * Prototyping * Start work on creating offsets * Modify tests * Start prototyping with actual MPH * Twiddle around * Twiddle around comments * Convert templates * Fix external languages * Fix latest translation * Fix some test * Tidy up code * Use simple map * go mod tidy * Move back to data structure - Uses less memory by creating for each language a map. * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * Add some comments * Fix tests * Try to fix tests * Use en-US as defacto fallback * Use correct slices * refactor (#4) * Remove TryTr, add log for missing translation key * Refactor i18n - Separate dev and production locale stores. - Allow for live-reloading in dev mode. Co-authored-by: zeripath <art27@cantab.net> * Fix live-reloading & check for errors * Make linter happy * live-reload with periodic check (#5) * Fix tests Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net>	2022-06-26 22:19:22 +08:00
Jimmy Praet	b8cfd4605f	Respect setting.UI.FeedPagingNum (#20094) ... Fixes #20080	2022-06-23 11:50:37 +02:00
Wim	cb50375e2b	Add more linters to improve code readability (#19989) ... Add nakedret, unconvert, wastedassign, stylecheck and nolintlint linters to improve code readability - nakedret - https://github.com/alexkohler/nakedret - nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length. - unconvert - https://github.com/mdempsky/unconvert - Remove unnecessary type conversions - wastedassign - https://github.com/sanposhiho/wastedassign - wastedassign finds wasted assignment statements. - notlintlint - Reports ill-formed or insufficient nolint directives - stylecheck - https://staticcheck.io/docs/checks/#ST - keep style consistent - excluded: [ST1003 - Poorly chosen identifier](https://staticcheck.io/docs/checks/#ST1003) and [ST1005 - Incorrectly formatted error string](https://staticcheck.io/docs/checks/#ST1005)	2022-06-20 12:02:49 +02:00
Lauris BH	1f8f9c3826	Remove tab/TabName usage where it's not needed (#19973) ... `tab` query argument and `TabName` in context is used only in profile so remove it from all other places where it's not used anymore.	2022-06-15 23:05:32 +08:00
Lunny Xiao	1a9821f57a	Move issues related files into models/issues (#19931) ... * Move access and repo permission to models/perm/access * fix test * fix git test * Move functions sequence * Some improvements per @KN4CK3R and @delvh * Move issues related code to models/issues * Move some issues related sub package * Merge * Fix test * Fix test * Fix test * Fix test * Rename some files	2022-06-13 17:37:59 +08:00