This updates the repo index/file view endpoints so annex files match the way
LFS files are rendered, making annexed files accessible via the web instead of
being black boxes only accessible by git clone.
This mostly just duplicates the existing LFS logic. It doesn't try to combine itself
with the existing logic, to make merging with upstream easier. If upstream ever
decides to accept, I would like to try to merge the redundant logic.
The one bit that doesn't directly copy LFS is my choice to hide annex-symlinks.
LFS files are always _pointer files_ and therefore always render with the "file"
icon and no special label, but annex files come in two flavours: symlinks or
pointer files. I've conflated both kinds to try to give a consistent experience.
The tests in here ensure the correct download link (/media, from the last PR)
renders in both the toolbar and, if a binary file (like most annexed files will be),
in the main pane, but it also adds quite a bit of code to make sure text files
that happen to be annexed are dug out and rendered inline like LFS files are.
Previously, Gitea's LFS support allowed direct-downloads of LFS content,
via http://$HOSTNAME:$PORT/$USER/$REPO/media/branch/$BRANCH/$FILE
Expand that grace to git-annex too. Now /media should provide the
relevant *content* from the .git/annex/objects/ folder.
This adds tests too. And expands the tests to try symlink-based annexing,
since /media implicitly supports both that and pointer-file-based annexing.
This makes HTTP symmetric with SSH clone URLs.
This gives us the fancy feature of _anonymous_ downloads,
so people can access datasets without having to set up an
account or manage ssh keys.
Previously, to access "open access" data shared this way,
users would need to:
1. Create an account on gitea.example.com
2. Create ssh keys
3. Upload ssh keys (and make sure to find and upload the correct file)
4. `git clone git@gitea.example.com:user/dataset.git`
5. `cd dataset`
6. `git annex get`
This cuts that down to just the last three steps:
1. `git clone https://gitea.example.com/user/dataset.git`
2. `cd dataset`
3. `git annex get`
This is significantly simpler for downstream users, especially for those
unfamiliar with the command line.
Unfortunately there's no uploading. While git-annex supports uploading
over HTTP to S3 and some other special remotes, it seems to fail on a
_plain_ HTTP remote. See https://github.com/neuropoly/gitea/issues/7
and https://git-annex.branchable.com/forum/HTTP_uploads/#comment-ce28adc128fdefe4c4c49628174d9b92.
This is not a major loss since no one wants uploading to be anonymous anyway.
To support private repos, I had to hunt down and patch a secret extra security
corner that Gitea only applies to HTTP for some reason (services/auth/basic.go).
This was guided by https://git-annex.branchable.com/tips/setup_a_public_repository_on_a_web_site/
Fixes https://github.com/neuropoly/gitea/issues/3
Co-authored-by: Mathieu Guay-Paquet <mathieu.guaypaquet@polymtl.ca>
Backport #28023 by @6543
there was no check in place if a user could see a other user, if you
append e.g. `.rss`
(cherry picked from commit 69ea554e2362e5c4943c2463c2ec547bf631f18b)
Backport #27615 by @lng2020
close#27601
The Docker registry has an internal version, which leads to 404
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit 171950a0d45745743d519aeb547b2a93cfb6410d)
Backport #27446 by @sryze
storageHandler() is written as a middleware but is used as an endpoint
handler, and thus `next` is actually `nil`, which causes a null pointer
dereference when a request URL does not match the pattern (where it
calls `next.ServerHTTP()`).
Example CURL command to trigger the panic:
```
curl -I "http://yourhost/gitea//avatars/a"
```
Fixes#27409
---
Note: the diff looks big but it's actually a small change - all I did
was to remove the outer closure (and one level of indentation) ~and
removed the HTTP method and pattern checks as they seem redundant
because go-chi already does those checks~. You might want to check "Hide
whitespace" when reviewing it.
Alternative solution (a bit simpler): append `, misc.DummyOK` to the
route declarations that utilize `storageHandler()` - this makes it
return an empty response when the URL is invalid. I've tested this one
and it works too. Or maybe it would be better to return a 400 error in
that case (?)
Co-authored-by: Sergey Zolotarev <sryze@outlook.com>
(cherry picked from commit 4ffa683820188175570ea3a0faf9d93046042b91)
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.
(cherry-pick from eff097448b1ebd2a280fcdd55d10b1f6081e9ccd)
Conflicts:
modules/context/context_cookie.go
trivial context conflicts
routers/web/web.go
ctx.GetSiteCookie(setting.CookieRememberName) moved from services/auth/middleware.go
Backport #27127 by @earl-warren
- Use the correct total amount for pagination. Thereby correctly show
the pagination bare when there's more than one page of
followers/followings.
Refs: https://codeberg.org/forgejo/forgejo/pulls/1477
(cherry picked from commit c1a136318be3bf72511bed108f2d67f2cf34e1b8)
Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
(cherry picked from commit 1d6e5c8e5862e634081c943f346003c36e47415f)
Backport #26813 by @JakobDev
You can currently visit `{repo}/issues/new` and create a blank issue,
even if it's disabled. This PR fixes this,
Fixes https://codeberg.org/forgejo/forgejo/issues/1356
Co-authored-by: JakobDev <jakobdev@gmx.de>
(cherry picked from commit 2cfabb68ffb4fe188cdbb323be46b300c85f0134)
Backport #26785 by @CaiCandong
## Description
Sometimes, we need to use an upstream mirror repository to update the
current development repository, but mirror repositories are prohibited
from PR. It should not appear in `merge to,` but it can appear in `pull
from.`
Fix#24585#26193#26781
Related #24183
Many thanks to @apnote for assisting me in reproducing this bug!
## ScreenShot
---
### Before
<img
src="3d76c376-1f54-45b9-80c9-6ba8319d6a9a"
width="400px">
<img
src="fbfd9f7f-421f-4a2e-9a3e-f2958bbf3312"
width="400px">
### After
<img
src="e6984524-4f61-4310-b795-4d8598bd8963"
width="400px">
<img
src="04065b44-78d7-4721-bf31-0f1674150727"
width="400px">
Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
(cherry picked from commit 3bab20491e60a5bbcc64bef42394dcf427d74308)
Backport #26198 by @CaiCandong
As title
Before:
After:
fix#26189
Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
(cherry picked from commit 352a495c02e079e3b9ee0018dea937e7ccc5692e)
Backport #26392 by @wxiaoguang
Fix#26389
And complete an old TODO: `ctx.Params does un-escaping,..., which is
incorrect.`
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 2d1a7e1cd42b31a62ca627423d088339809238c8)
Backport #26179 by @CaiCandong
In the original implementation, we can only get the first 30 records of
the commit status (the default paging size), if the commit status is
more than 30, it will lead to the bug #25990. I made the following two
changes.
- On the page, use the ` db.ListOptions{ListAll: true}` parameter
instead of `db.ListOptions{}`
- The `GetLatestCommitStatus` function makes a determination as to
whether or not a pager is being used.
fixed#25990
Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
(cherry picked from commit 060026995a95a61a35535215105db015bab8a697)
- Tell the renderer to use the `document` mode, so it's consistent with
other renderers.
- Use the same padding as `.file-view.markup`, so it's consistent with
other containers that contain markup rendering.
- Resolves https://codeberg.org/forgejo/forgejo/issues/833
Co-authored-by: Gusted <postmaster@gusted.xyz>
Conflicts:
routers/web/user/profile.go
inserted Metas: map[string]string{"mode": "document"}, where
it was missing
Backport #26182 by @Zettat123
Fix#25934
Add `ignoreGlobal` parameter to `reqUnitAccess` and only check global
disabled units when `ignoreGlobal` is true. So the org-level projects
and user-level projects won't be affected by global disabled
`repo.projects` unit.
Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit 3a29712e0adc9d58ba0fd6336916112a4886ac7e)
backport #26094
Temporily resolve#25915
Related #25994
This PR includes #26007 's changes but have a UI to prompt administrator
about the deprecated settings as well as the log or console warning.
Then users will have enough time to notice the problem and don't have
surprise like before.
<img width="1293" alt="图片"
src="c33355f0-1ea7-4fb3-ad43-cd23cd15391d">
(cherry picked from commit c598741f01f9ccf32d0c4bdd905f4dc58f7af806)
Backport #26016 by @wxiaoguang
Close#25906
Succeeded logs:
```
[I] router: completed GET /root/test/issues/posters?&q=%20&_=1689853025011 for [::1]:59271, 200 OK in 127.7ms @ repo/issue.go:3505(repo.IssuePosters)
[I] router: completed GET /root/test/pulls/posters?&q=%20&_=1689853968204 for [::1]:59269, 200 OK in 94.3ms @ repo/issue.go:3509(repo.PullPosters)
```
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 54a516e9daf84e9a2b8b86e36fbed5592b31a758)
Backport #25417 by @wxiaoguang
Update WorkPath/WORK_PATH related documents, remove out-dated
information.
Remove "StaticRootPath" on the admin config display page, because few
end user really need it, it only causes misconfiguration.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ee47face12917555245fd84efc303702f45ebba9)
Backport #25917 by @wolfogre
Fix#25905
Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit b7d054e4b5ccabbc1bf10824b6e3483a53c437f9)
Backport #25883 by @yp05327
We can select PRs to open/close them by one click, but we forgot to
check whether it is merged.
You can get an opening merged PR:
You can confirm this in:
https://try.gitea.io/yp05327/testrepo/pulls/5
Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 9159964ada44951ba5ee2a41e7bf2fe6f7f7993f)
Backport #25880 by @yp05327
You can confirm this issue in:
https://try.gitea.io/yp05327/testrepo/milestones?state=open&q=a
There's no milestone, but the count is 1.
Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 36b9a86bd803646dd97832fb24b4fcf7a0cdf410)
- Follow up for: #540, #802
- Add API routes for user blocking from user and organization
perspective.
- The new routes have integration testing.
- The new model functions have unit tests.
- Actually quite boring to write and to read this pull request.
(cherry picked from commit f3afaf15c7e34038363c9ce8e1ef957ec1e22b06)
(cherry picked from commit 6d754db3e5faff93a58fab2867737f81f40f6599)
(cherry picked from commit d0fc8bc9d3b6bb189a2ab634a5329253af9b4629)
(cherry picked from commit 9a53b0d1a07455596622cb02716b476b6aaa95e4)
(cherry picked from commit 44a2a4fd48678058777d6db46c13a2c7298497d4)
(cherry picked from commit 182025db9cc76073bdb0221dfd1fb3b2b66f7fd4)
(cherry picked from commit 558a35963eddd672f1911393a649ab08a9283e5b)
- Resolves#476
- Follow up for: #540
- Ensure that the doer and blocked person cannot follow each other.
- Ensure that the block person cannot watch doer's repositories.
- Add unblock button to the blocked user list.
- Add blocked since information to the blocked user list.
- Add extra testing to moderation code.
- Blocked user will unwatch doer's owned repository upon blocking.
- Add flash messages to let the user know the block/unblock action was successful.
- Add "You haven't blocked any users" message.
- Add organization blocking a user.
Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/802
(cherry picked from commit 0505a1042197bd9136b58bc70ec7400a23471585)
(cherry picked from commit 37b4e6ef9b85e97d651cf350c9f3ea272ee8d76a)
(cherry picked from commit 217475385a815298dcbd8029e0cc8cb2c5877bae)
(cherry picked from commit f2c38ce5c2f6cf4008aa1929539063715b50562c)
(cherry picked from commit 1edfb68137d8c322a7a9a7c7196fc8f01ff1a889)
(cherry picked from commit 2cbc12dc740e6fefc196b7fea6ac8a0ffbbfbeef)
(cherry picked from commit 79ff020f182327986dcfd874bc49d4fe32efc29a)
- Add the ability to block a user via their profile page.
- This will unstar their repositories and visa versa.
- Blocked users cannot create issues or pull requests on your the doer's repositories (mind that this is not the case for organizations).
- Blocked users cannot comment on the doer's opened issues or pull requests.
- Blocked users cannot add reactions to doer's comments.
- Blocked users cannot cause a notification trough mentioning the doer.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/540
(cherry picked from commit 687d852480388897db4d7b0cb397cf7135ab97b1)
(cherry picked from commit 0c32a4fde531018f74e01d9db6520895fcfa10cc)
(cherry picked from commit 1791130e3cb8470b9b39742e0004d5e4c7d1e64d)
(cherry picked from commit 00f411819f62c02016d46602ab4daf49effe0550)
(cherry picked from commit e0c039b0e899e787a8df1efdd6b47388d93e08fa)
(cherry picked from commit b5a058ef0039e95be23893e6fefdcb62a7de071a)
(cherry picked from commit 5ff5460d28a482526da7e77bffb18d08de14aaaa)
(cherry picked from commit 97bc6e619d2970839b8692b7b025ff0ec1c96d12)
(cherry picked from commit 20b56692693e054bb3c04b4ef12b29b0715b4530)
(cherry picked from commit 1574643a6a9634e5b92c033a4bfb69062a86bd05)
Update semantic version according to specification
(cherry picked from commit 22510f41306f9c133a7e99b61f9c38dabfd4b810)
Mise à jour de 'Makefile'
(cherry picked from commit c3d85d8409f1bb18a45659a167cf1ffee057f3b6)
(cherry picked from commit 5ea23098513c068444226af41faf9be9c4c998e6)
(cherry picked from commit ec5217b9d1b94bb04e34ce8c27eecbdc6f3a247a)
(cherry picked from commit 14f08e364b2ad7e3176b45d3ec8da5f5605b4315)
(cherry picked from commit b4465c67b8737aed9fd79a43046aa3795a298e68)
[API] [SEMVER] replace number with version
(cherry picked from commit fba48e64977a75e77c9c6cf8e3f8a679a5e7b733)
(cherry picked from commit 532ec5d8782703b62d7d02312764e50637cd016e)
[API] [SEMVER] [v1.20] less is replaced by css
(cherry picked from commit 01ca3a4f4291cf4c62df42cbd12a00638f3cdc70)
(cherry picked from commit 1d928c3ab2e1fda6082e1400d89ea96d6605ebaa)
(cherry picked from commit a39dc804cd1da86444ed709455857f069475e7db)
Conflicts:
webpack.config.js
(cherry picked from commit adc68578b3eb41215338125edfca91804706f8a1)
(cherry picked from commit 9b8d98475fd7efcc15bf0d91b0af6ef3aff64508)
(cherry picked from commit 25161039745a63282257eded9616390241af8013)
(cherry picked from commit 18e6287963a0e1863cd08fd514a4e732a1904a68)
(cherry picked from commit e9694e67ab93ad74f7eae3152d88d95e8493e739)
(cherry picked from commit a9763edaf002c8009a2cca4115cb8b926f8cdc85)
(cherry picked from commit e2b550f4fba144f9637a212b56bfe30cac1adb3b)
(cherry picked from commit 2edac36701e8fa1ff67f87dccfa34cfc00ab66de)
[API] Forgejo API /api/forgejo/v1 (squash)
Update semver as v1.20 is entering release candidate mode
(cherry picked from commit 4995098ec3c6eee19a7ad7bc956b71c6e937c04c)
(cherry picked from commit 3dd6f2862e10250e5caefbf46a6c8092ab68eabc)
(cherry picked from commit e8192737ef5773b520f85c6ea405219ad6fce1a5)
(cherry picked from commit 7b1245cc706c95e70c01601c54e0dfabb162ba31)
(cherry picked from commit 4d7cd59703dffbd2ab5bb417afe8ace3d0af7141)
(cherry picked from commit 7a7a293dbd8f5e2acd313d3d96c54a337f717f1f)
Backport #25733 by @hiifong
When only the casing of the username changes, update the owner name of the repo,
and keep the original logic consistent with other conditions.
example: assume your username is `gitea`, lowercase username is `gitea` too,
repo URL is `.../gitea/{repo}`.
You change your username to `Gitea`, `GiTea` or something like that,
as long as the lowercase username is still `gitea`, the repo URL remained `.../gitea/{repo}`.
this pr keeps the new username consistent with the repo URL.
Before:
After:
Co-authored-by: hiifong <i@hiif.ong>
