mirror of https://github.com/go-gitea/gitea.git synced 2025-05-03 14:08:03 +00:00
Commit Graph

107 Commits

Author SHA1 Message Date
wxiaoguang
0148d03f21
Enforce two-factor auth (2FA: TOTP or WebAuthn) ()
Fix 

Design:

1. A global setting `security.TWO_FACTOR_AUTH`.
* To support org-level config, we need to introduce a better "owner
setting" system first (in the future)
2. A user without 2FA can login and may explore, but can NOT read or
write to any repositories via API/web.
3. Keep things as simple as possible.
* This option only aggressively suggests users to enable their 2FA at the
moment, it does NOT guarantee that users must have 2FA before all other
operations, it should be good enough for real world use cases.
* Some details and tests could be improved in the future since this
change only adds a check and seems won't affect too much.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-04-28 15:31:59 -07:00
wxiaoguang
8aee07a064
Improve "not found" error messages for API ()
Make the message clear, for example: 
2025-04-23 17:42:50 +08:00
Denys Konovalov
9a071a596f
Add API endpoint to request contents of multiple files simultaneously ()
Adds an API POST endpoint under `/repos/{owner}/{repo}/file-contents`
which receives a list of paths and returns a list of the contents of
these files.

This API endpoint will be helpful for applications like headless CMS
(reference: https://github.com/sveltia/sveltia-cms/issues/198) which
need to retrieve a large number of files by reducing the amount of
needed API calls.

Close 

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-22 01:20:11 +08:00
wxiaoguang
07c6087878
Fix team permission ()
The `team.access_mode` should be either `none` or `admin/owner`.
For non-admin team, the real permissions are provided by `team_unit`.
2025-04-08 04:15:15 +00:00
wxiaoguang
3fe082a5a3
Remove dead code: RepoRef ()
The RepoRef is a no-op since Refactor ref type () (Jan 14)
2025-04-06 20:08:10 +03:00
Lunny Xiao
c27d87a9ac
Refactor Branch struct in package modules/git ()
The `Branch` struct in `modules/git` package is unnecessary. We can just
use a `string` to represent a branch
2025-04-02 17:31:32 +00:00
wxiaoguang
6ed1b26c58
Do not show 500 error when default branch doesn't exist ()
Fix 
2025-04-01 21:39:00 -07:00
TheFox0x7
ee3c82f874
Enable additional linters ()
enable mirror, usestdlibbars and perfsprint 
part of: https://github.com/go-gitea/gitea/issues/34083

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-04-01 10:14:01 +00:00
TheFox0x7
0fde8ecd55
Enable testifylint rules ()
enable testifylint rules disabled in:
https://github.com/go-gitea/gitea/pull/34054
2025-03-31 01:53:48 -04:00
wxiaoguang
b59705fa34
Add a config option to block "expensive" pages for anonymous users ()
Fix 

```
;; User must sign in to view anything.
;; It could be set to "expensive" to block anonymous users accessing some pages which consume a lot of resources,
;; for example: block anonymous AI crawlers from accessing repo code pages.
;; The "expensive" mode is experimental and subject to change.
;REQUIRE_SIGNIN_VIEW = false
```
2025-03-30 05:26:19 +00:00
TheFox0x7
2a59dfbd47
enable staticcheck QFxxxx rules () 2025-03-29 17:32:28 -04:00
wxiaoguang
0d2607a303
Add anonymous access support for private repositories (backend) ()
Follow 

This PR adds backend logic and test for "anonymous access", it shares the
same logic as "everyone access", so not too much change.

By the way, split `SettingsPost` into small functions to make it easier
to make frontend-related changes in the future.

Next PR will add frontend support for "anonymous access"
2025-03-28 22:42:29 +08:00
Lunny Xiao
356b707dde
Git client will follow 301 but 307 ()
Fix 

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-03-25 07:20:08 +00:00
Lunny Xiao
30ee082e48
Only use prev and next buttons for pagination on user dashboard ()
The pagination on the user dashboard sounds unnecessary, this will
change it to a prev/next buttons. For instances with around `10 million`
records in the action table, this option affects how the user dashboard
is loaded on first visit.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2025-03-23 19:52:43 +00:00
Lunny Xiao
0056fdb942
Move git references checking to gitrepo packages to reduce expose of repository path () 2025-03-15 19:48:59 -07:00
wxiaoguang
3996518ed4
Refactor cache-control ()
And fix 
2025-03-13 07:04:50 +08:00
wxiaoguang
4ed71eb754
Improve log format () 2025-03-08 21:47:11 +08:00
Guillaume
303af554c9
Improve "generate new access token" form ()
Fix: https://github.com/go-gitea/gitea/issues/33519

As discussed in [PR
](https://github.com/go-gitea/gitea/pull/33614), the
ScopedAccessTokenSelector Vue component is not particularly useful.

This PR removes the component and reverts to using HTML templates. It
also introduces some (hopefully) useful refactoring.

The Vue component was causing the UX bug reported in the linked issue.
Required form fields are now properly working, as expected (see
screenshot).

![Screenshot from 2025-02-25
22-00-28](https://github.com/user-attachments/assets/41167854-0718-48b0-a3ee-75ca3a7b8b20)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-02-27 19:40:12 +00:00
wxiaoguang
56a0a9c750
Fix git empty check and HEAD request () 2025-02-24 02:11:29 +00:00
wxiaoguang
15e020eec8
Refactor error system () 2025-02-17 12:41:03 -08:00
wxiaoguang
f35850f48e
Refactor error system () 2025-02-16 22:13:17 -08:00
wxiaoguang
f58f5bb3d8
Avoid duplicate SetContextValue call ()
And fix FIXME and TODO
2025-02-12 14:25:46 +08:00
wxiaoguang
245ac321c3
Fix context usage ()
Some old code uses direct type-casting to get context, it causes
problems.

This PR fixes all legacy problems and uses correct `ctx.Value` to get
low-level contexts.

Fix 
2025-02-11 16:46:03 +08:00
wxiaoguang
30993e9508
Feature: Support workflow event dispatch via API ()
Fix: https://github.com/go-gitea/gitea/issues/31765 (Re-open )

---------

Co-authored-by: Bence Santha <git@santha.eu>
Co-authored-by: Bence Sántha <7604637+bencurio@users.noreply.github.com>
Co-authored-by: Christopher Homberger <christopher.homberger@web.de>
2025-02-11 03:05:42 +08:00
wxiaoguang
09a3b07f10
Refactor web route handler () 2025-02-05 02:14:03 +08:00
K Kovacs
34692a20b1
Worktime tracking for the organization level ()
Dear Gitea team,

first of all, thanks for the great work you're doing with this project.

I'm planning to introduce Gitea at a client site, and noticed that while
there is time recording, there are no project-manager-friendly reports
to actually make use of that data, as were also mentioned by others in
  and .

Since I had a little time last weekend, I had put together something
that I hope to be a useful contribution to this great project (while of
course useful for me too).

This PR adds a new "Worktime" tab to the Organisation level. There is a
date range selector (by default set to the current month), and there are
three possible views:

- by repository,
- by milestone, and
- by team member.

Happy to receive any feedback!

There are several possible future improvements of course (predefined
date ranges, charts, a member time sheet, matrix of repos/members, etc)
but I hope that even in this relatively simple state this would be
useful to lots of people.

<img width="1161" alt="Screen Shot 2022-05-25 at 22 12 58"
src="https://user-images.githubusercontent.com/118010/170366976-af00c7af-c4f3-4117-86d7-00356d6797a5.png">

Keep up the good work!

Kristof

---------

Co-authored-by: user <user@kk-git1>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-02-03 01:51:12 +08:00
wxiaoguang
f24d73ab5f
Fix "redirect link" handling ()
`a%2fb` should not redirect to `a/b`

---------

Co-authored-by: delvh <dev.lh@web.de>
2025-01-31 04:12:14 +08:00
Lunny Xiao
f88dbf86b3
Refactor repository transfer ()
- Both have `RejectTransfer` and `CancelTransfer` because the permission
checks are not the same. `CancelTransfer` can be done by the doer or
those who have admin permission to access this repository.
`RejectTransfer` can be done by the receiver user if it's an individual
or those who can create repositories if it's an organization.

- Some tests are wrong, this PR corrects them.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-01-30 05:40:44 +00:00
wxiaoguang
2c1ff8701a
Refactor context flash msg and global variables ()
1. add `GetSiteCookieFlashMessage` to help to parse flash message
2. clarify `handleRepoHomeFeed` logic
3. remove unnecessary global variables, use `sync.OnceValue` instead
4. add some tests for `IsUsableUsername` and `IsUsableRepoName`
2025-01-25 14:36:47 +00:00
wxiaoguang
06ff9b6256
Do not access GitRepo when a repo is being created () 2025-01-24 18:27:36 +00:00
wxiaoguang
6fe4d1c038
Remove duplicate "ResponseWriter.Status" method () 2025-01-22 06:37:52 +00:00
wxiaoguang
6073e2f1bb
Refactor response writer & access logger ()
And add comments & tests
2025-01-20 06:25:17 +00:00
wxiaoguang
cfc6e21f06
Fix incorrect ref usages ()
Fix 

By the way, improve some locales
2025-01-16 13:52:21 +00:00
wxiaoguang
b15d01b0ce
Prepare for support performance trace ()
For 
2025-01-15 20:05:18 +00:00
wxiaoguang
f6dbf0e7b3
Fix incorrect TagName/BranchName usages ()
Add a new test
2025-01-15 17:34:55 +08:00
wxiaoguang
fcd096231a
Simplify context ref name () 2025-01-15 11:15:47 +08:00
Lunny Xiao
6410c34b7f
Refactor ref type ()
Major changes:

1. do not sync ".keep" file during tests
2. fix incorrect route handler and empty repo handling (backported as  with tests)
3. do not use `RepoRef`: most of the calls are abuses.
4. Use `git.RefType` instead of a new type definition `RepoRefType` on `context`.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-01-14 15:35:34 +08:00
wxiaoguang
a98a836e76
Support public code/issue access for private repositories ()
Close , close  (will add "anonymous access" in following PRs)
2025-01-14 01:53:34 +00:00
wxiaoguang
348b7074c8
Fix incorrect ref "blob" ()
1. "blob" is not a "ref", it shouldn't (and not unable to) be handled by
`RepoRefByType`
2. the `/blob/{sha}` handle should use the path param "sha" directly
2025-01-13 16:27:11 +08:00
wxiaoguang
2ea929a952
Refactor RefName ()
And fix some FIXMEs
2025-01-13 14:01:53 +08:00
wxiaoguang
81352542fd
Refactor context RefName and RepoAssignment ()
The `ctx.Repo.RefName` was used to be a "short name", it causes a lot of
ambiguity.

This PR does some refactoring and uses `RefFullName` to replace the
legacy `RefName`, and simplify RepoAssignment
2025-01-13 01:07:05 +00:00
wxiaoguang
a068462ac0
Refactor context repository () 2025-01-12 03:39:46 +00:00
wxiaoguang
65aae0912a
Fix raw file API ref handling ()
Fix  and add more tests
2025-01-10 01:31:49 +00:00
wxiaoguang
34dfc25b83
Make git clone URL could use current signed-in user ()
close 

* Add a special value for "SSH_USER" setting: `(DOER_USERNAME)`
* Improve parseRepositoryURL and add tests (now it doesn't have hard
dependency on some setting values)

Many changes are just adding "ctx" and "doer" argument to functions.

By the way, improve app.example.ini, remove all `%(key)s` syntax, it
only makes messy and no user really cares about it.

Document: https://gitea.com/gitea/docs/pulls/138
2025-01-07 13:17:44 +08:00
wxiaoguang
3d544a3ad3
Fix empty git repo handling logic ()
Fix 
2025-01-04 18:47:24 +08:00
Chai-Shi
0387195abb
[Feature] Private README.md for organization ()
Implemented 

---------

Co-authored-by: Ben Chang <ben_chang@htc.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-31 04:22:09 +00:00
wxiaoguang
cd1b5488a3
Refactor pagination ()
I am sure the simple approach should work, let's try it in 1.24

Follow  and 
2024-12-30 01:57:38 +00:00
wxiaoguang
2a828e2798
Clarify path param naming ()
In history (from some legacy frameworks), both `:name` and `name` are
supported as path path name, `:name` is an alias to `name`.

To make code consistent, now we should only use `name` but not `:name`.

Also added panic check in related functions to make sure the name won't
be abused in case some downstreams still use them.
2024-12-24 13:47:45 +00:00
wxiaoguang
6d5aa9218e
Refactor request context ()
Introduce RequestContext: is a short-lived context that is used to store
request-specific data.

RequestContext could be used to clean form tmp files, close context git
repo, and do some tracing in the future.

Then a lot of legacy code could be removed or improved. For example:
most `ctx.Repo.GitRepo.Close()` could be removed because the git repo
could be closed when the request is done.
2024-12-24 11:43:57 +08:00
wxiaoguang
781c6df40f
Add sub issue list support ()
Just like GitHub, show issue icon/title when the issue number is in a list
2024-12-24 01:54:19 +00:00