* Don't automatically delete repository files if they are present
Prior to this PR Gitea would delete any repository files if they are
present during creation or migration. This can in certain circumstances
lead to data-loss and is slightly unpleasant.
This PR provides a mechanism for Gitea to adopt repositories on creation
and otherwise requires an explicit flag for deletion.
PushCreate is slightly different - the create will cause adoption if
that is allowed otherwise it will delete the data if that is allowed.
Signed-off-by: Andrew Thornton <[email protected]>
* Update swagger
Signed-off-by: Andrew Thornton <[email protected]>
* Fix tests and migrate overwrite
Signed-off-by: Andrew Thornton <[email protected]>
* as per @lunny
Only offer to adopt or overwrite if the user can do that.
Allow the site administrator to adopt or overwrite in all
circumstances
Signed-off-by: Andrew Thornton <[email protected]>
* Use setting.Repository.DefaultBranch for the default branch
Signed-off-by: Andrew Thornton <[email protected]>
* Always set setting.Repository.DefaultBranch
Signed-off-by: Andrew Thornton <[email protected]>
* update swagger
Signed-off-by: Andrew Thornton <[email protected]>
* update templates
Signed-off-by: Andrew Thornton <[email protected]>
* ensure repo closed
Signed-off-by: Andrew Thornton <[email protected]>
* Rewrite of adoption as per @6543 and @lunny
Signed-off-by: Andrew Thornton <[email protected]>
* Apply suggestions from code review
* update swagger
Signed-off-by: Andrew Thornton <[email protected]>
* missing not
Signed-off-by: Andrew Thornton <[email protected]>
* add modals and flash reporting
Signed-off-by: Andrew Thornton <[email protected]>
* Make the unadopted page searchable
Signed-off-by: Andrew Thornton <[email protected]>
* Add API
Signed-off-by: Andrew Thornton <[email protected]>
* Fix swagger
Signed-off-by: Andrew Thornton <[email protected]>
* fix swagger
Signed-off-by: Andrew Thornton <[email protected]>
* Handle empty and non-master branched repositories
Signed-off-by: Andrew Thornton <[email protected]>
* placate lint
Signed-off-by: Andrew Thornton <[email protected]>
* remove commented out code
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
* Add configurable Trust Models
Gitea's default signature verification model differs from GitHub. GitHub
uses signatures to verify that the committer is who they say they are -
meaning that when GitHub makes a signed commit it must be the committer.
The GitHub model prevents re-publishing of commits after revocation of a
key and prevents re-signing of other people's commits to create a
completely trusted repository signed by one key or a set of trusted
keys.
The default behaviour of Gitea in contrast is to always display the
avatar and information related to a signature. This allows signatures to
be decoupled from the committer. That being said, allowing arbitary
users to present other peoples commits as theirs is not necessarily
desired therefore we have a trust model whereby signatures from
collaborators are marked trusted, signatures matching the commit line
are marked untrusted and signatures that match a user in the db but not
the committer line are marked unmatched.
The problem with this model is that this conflicts with Github therefore
we need to provide an option to allow users to choose the Github model
should they wish to.
Signed-off-by: Andrew Thornton <[email protected]>
* Adjust locale strings
Signed-off-by: Andrew Thornton <[email protected]>
* as per @6543
Co-authored-by: 6543 <[email protected]>
* Update models/gpg_key.go
* Add migration for repository
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: 6543 <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
* LFS support to be stored on minio
* Fix test
* Fix lint
* Fix lint
* Fix check
* Fix test
* Update documents and add migration for LFS
* Fix some bugs
* Restrict TLS connections to 1.2 minimum
* Set Argon2 as the default KDF
* Fix user.yml
* Remove TLS minversion changes
Signed-off-by: Andrew Thornton <[email protected]>
* Add migration as per @techknowlogick
Signed-off-by: Andrew Thornton <[email protected]>
* set the password algo in the fixtures
Signed-off-by: Andrew Thornton <[email protected]>
* Remove the v148 migration - it needs recreate table to change the defaults
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: Nadim Kobeissi <[email protected]>
* Support elastic search for code search
* Finished elastic search implementation and add some tests
* Enable test on drone and added docs
* Add new fields to elastic search
* Fix bug
* remove unused changes
* Use indexer alias to keep the gitea indexer version
* Improve codes
* Some code improvements
* The real indexer name changed to xxx.v1
Co-authored-by: zeripath <[email protected]>
MySQL in its infinite wisdom determines that UTF8 does not
mean UTF8. Our install scripts know about this and will set
CHARSET to utf8mb4 if we users choose this but... users who
do not explicitly set this variable will default to utf8mb3
without knowing it.
This PR changes the unset CHARSET value to utf8mb4 if users
choose to use mysql.
Signed-off-by: Andrew Thornton <[email protected]>
* Disable password complexity check default
These features enourange bad passwords/are annoying for people using better password methods, and at minimum we shouldn't force that as a default for obvious reasons. Disable any default check to avoid regular complaints.
* fix copy paste format
* docs: update heading
This section covers more paths than the 3 listed in the heading.
* setting: change PIDFile default from /var/run/gitea.pid to /run/gitea.pid
On most modern distributions, /var/run is deprecated and only kept for
backwards compat according to
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s13.html, and is a
symlink to `/run/` on modern distributions.
Old Distros that still don't have `/run` can update the gitea default as
described in from-source.en-us.md to point to the old location.
Co-authored-by: Lauris BH <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
* Add a storage layer for attachments
* Fix some bug
* fix test
* Fix copyright head and lint
* Fix bug
* Add setting for minio and flags for migrate-storage
* Add documents
* fix lint
* Add test for minio store type on attachments
* fix test
* fix test
* Apply suggestions from code review
Co-authored-by: guillep2k <[email protected]>
* Add warning when storage migrated successfully
* Fix drone
* fix test
* rebase
* Fix test
* display the error on console
* Move minio test to amd64 since minio docker don't support arm64
* refactor the codes
* add trace
* Fix test
* remove log on xorm
* Fi download bug
* Add a storage layer for attachments
* Add setting for minio and flags for migrate-storage
* fix lint
* Add test for minio store type on attachments
* Apply suggestions from code review
Co-authored-by: guillep2k <[email protected]>
* Fix drone
* fix test
* Fix test
* display the error on console
* Move minio test to amd64 since minio docker don't support arm64
* refactor the codes
* add trace
* Fix test
* Add URL function to serve attachments directly from S3/Minio
* Add ability to enable/disable redirection in attachment configuration
* Fix typo
* Add a storage layer for attachments
* Add setting for minio and flags for migrate-storage
* fix lint
* Add test for minio store type on attachments
* Apply suggestions from code review
Co-authored-by: guillep2k <[email protected]>
* Fix drone
* fix test
* Fix test
* display the error on console
* Move minio test to amd64 since minio docker don't support arm64
* don't change unrelated files
* Fix lint
* Fix build
* update go.mod and go.sum
* Use github.com/minio/minio-go/v6
* Remove unused function
* Upgrade minio to v7 and some other improvements
* fix lint
* Fix go mod
Co-authored-by: guillep2k <[email protected]>
Co-authored-by: Tyler <[email protected]>
#12391 offered to change the default PID file from /var/run/gitea.pid however in discussion it was decided that this could break users of older systems. An alternative was offered that we could make the PID file compile/link time settable.
This PR does this, and changes the name of the setting from CustomPID to simply PIDFile. It also updates the from-source docs to show how to change the compiler settings to do this.
Closes#12391
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: Florian Klink <[email protected]>
This removes the jQuery plugin as well as the associated config options.
Native input[type=date] does not require a language attribute as it is
localized by default, except for the placeholder attribute for which I
currently piggy-back the repo.issues.due_date_form localization option.
Implementation should pretty much match GH. Of note is that Safari does
not provide a UI for this input type, but I don't think providing one is
neccessary and GH did not bother either.
Co-authored-by: techknowlogick <[email protected]>
* Dump: Use mholt/archive/v3 to support tar including many compressions
Signed-off-by: Philipp Homann <[email protected]>
* Dump: Allow dump output to stdout
Signed-off-by: Philipp Homann <[email protected]>
* Dump: Fixed bug present since #6677 where SessionConfig.Provider is never "file"
Signed-off-by: Philipp Homann <[email protected]>
* Dump: never pack RepoRootPath, LFS.ContentPath and LogRootPath when they are below AppDataPath
Signed-off-by: Philipp Homann <[email protected]>
* Dump: also dump LFS (fixes#10058)
Signed-off-by: Philipp Homann <[email protected]>
* Dump: never dump CustomPath if CustomPath is a subdir of or equal to AppDataPath (fixes#10365)
Signed-off-by: Philipp Homann <[email protected]>
* Use log.Info instead of fmt.Fprintf
Signed-off-by: Philipp Homann <[email protected]>
* import ordering
* make fmt
Co-authored-by: zeripath <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
Co-authored-by: Matti R <[email protected]>
* Allow site admin to disable mirrors
Signed-off-by: jolheiser <[email protected]>
* No need to run through Safe
Signed-off-by: jolheiser <[email protected]>
* Clarify only disabling NEW mirrors
Signed-off-by: jolheiser <[email protected]>
* Apply suggestions from @guillep2k
Co-authored-by: guillep2k <[email protected]>
Co-authored-by: guillep2k <[email protected]>
* Fix chardet test and add ordering option
Signed-off-by: Andrew Thornton <[email protected]>
* minor fixes
Signed-off-by: Andrew Thornton <[email protected]>
* remove log
Signed-off-by: Andrew Thornton <[email protected]>
* remove log2
Signed-off-by: Andrew Thornton <[email protected]>
* only iterate through top results
Signed-off-by: Andrew Thornton <[email protected]>
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
* slight restructure of for loop
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
GH has different HardBreaks behaviour for markdown comments and documents.
Comments have hard breaks and documents have soft breaks - therefore Gitea's rendering will always be different from GH's if we only provide one setting.
Here we split the setting in to two - one for documents and one for comments and other things.
Signed-off-by: Andrew Thornton [email protected]
Changes to index.js as per @silverwind
Co-authored-by: silverwind <[email protected]>
Changes to docs as per @guillep2k
Co-authored-by: guillep2k <[email protected]>
InternalTokens are fixed as alphanum strings therefore TrimSpace from these.
Also use isatty to not add a terminal newline when redirecting generate.
Fix#11498
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: Lauris BH <[email protected]>
* Refactor Cron and merge dashboard tasks
* Merge Cron and Dashboard tasks
* Make every cron task report a system notice on completion
* Refactor the creation of these tasks
* Ensure that execution counts of tasks is correct
* Allow cron tasks to be started from the cron page
* golangci-lint fixes
* Enforce that only one task with the same name can be registered
Signed-off-by: Andrew Thornton <[email protected]>
* fix name check
Signed-off-by: Andrew Thornton <[email protected]>
* as per @guillep2k
* as per @lafriks
Signed-off-by: Andrew Thornton <[email protected]>
* Add git.CommandContext variants
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: Lauris BH <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
* Allow log.xxx.default to set logging settings for the default logger only
Signed-off-by: Andrew Thornton <[email protected]>
* Update modules/setting/log.go
* as per @silverwind add some documentation
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
* Make sure that sendmail processes register with the process manager
* Provide a timeout for these (initially of 5 minutes)
* Add configurable value and tie in to documentation
* Tie in to the admin config page.
Signed-off-by: Andrew Thornton <[email protected]>
In #9888, it was reported that my earlier pull request #9075 didn't quite function as expected. I was quite hopeful the `ValuesWithShadow()` worked as expected (and, I thought my testing showed it did) but I guess not. @zeripath proposed an alternative syntax which I like:
```ini
[markup.sanitizer.1]
ELEMENT=a
ALLOW_ATTR=target
REGEXP=something
[markup.sanitizer.2]
ELEMENT=a
ALLOW_ATTR=target
REGEXP=something
```
This was quite easy to adopt into the existing code. I've done so in a semi-backwards-compatible manner:
- The value from `.Value()` is used for each element.
- We parse `[markup.sanitizer]` and all `[markup.sanitizer.*]` sections and add them as rules.
This means that existing configs will load one rule (not all rules). It also means people can use string identifiers (`[markup.sanitiser.KaTeX]`) if they prefer, instead of numbered ones.
Co-authored-by: Andrew Thornton <[email protected]>
Co-authored-by: guillep2k <[email protected]>
* Use AJAX for notifications table
Signed-off-by: Andrew Thornton <[email protected]>
* move to separate js
Signed-off-by: Andrew Thornton <[email protected]>
* placate golangci-lint
Signed-off-by: Andrew Thornton <[email protected]>
* Add autoupdating notification count
Signed-off-by: Andrew Thornton <[email protected]>
* Fix wipeall
Signed-off-by: Andrew Thornton <[email protected]>
* placate tests
Signed-off-by: Andrew Thornton <[email protected]>
* Try hidden
Signed-off-by: Andrew Thornton <[email protected]>
* Try hide and hidden
Signed-off-by: Andrew Thornton <[email protected]>
* More auto-update improvements
Only run checker on pages that have a count
Change starting checker to 10s with a back-off to 60s if there is no change
Signed-off-by: Andrew Thornton <[email protected]>
* string comparison!
Signed-off-by: Andrew Thornton <[email protected]>
* as per @silverwind
Signed-off-by: Andrew Thornton <[email protected]>
* add configurability as per @6543
Signed-off-by: Andrew Thornton <[email protected]>
* Add documentation as per @6543
Signed-off-by: Andrew Thornton <[email protected]>
* Use CSRF header not query
Signed-off-by: Andrew Thornton <[email protected]>
* Further JS improvements
Fix @etzelia update notification table request
Fix @silverwind comments
Co-Authored-By: silverwind <[email protected]>
Signed-off-by: Andrew Thornton <[email protected]>
* Simplify the notification count fns
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: silverwind <[email protected]>
Some OAuth2 providers return quite large structured tokens >32767 bytes.
Gitea currently has a fixed maximum of 32767 bytes for these and
unfortunately due to the convoluted nature of the dependent libraries the
error returned is rather opaque.
Here we manage the error a little better - detecting the rather opaque
github.com/gorilla/securecookie.errEncodedValueTooLong and converting
it to a more readable error.
Further we provide a configurable option to increase the maximum size of
the provided OAuth2 tokens.
Fix#9907
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
* Add more logging in the LFS server
Adds more logging in the LFS server and stops sending internal server
error information to the client
* Add LFS Lock cursor implementation
* Simplify Claims in LFS and remove the float64 casts
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: Lauris BH <[email protected]>
techknowlogick
6543
Lunny Xiao
Tait Hoyem
zeripath
John Olheiser
mrsdizzie
Florian Klink
Lanre Adelowo
Wim
Stormxx
silverwind
PhilippHomann
Emanuel Angelo
Alexander Scheel
S7evinK
guillep2k