Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR.
- [x] Define `context.ResponseWriter` interface with an implementation `context.Response`.
- [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before.
- [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic .
- [x] Use https://github.com/unrolled/render instead of macaron's internal render
- [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip
- [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK**
- [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha
- [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache
- [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding
- [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors
- [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation`
- [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle.
- [x] Removed macaron log service because it's not need any more. **BREAK**
- [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition.
- [x] Move Git HTTP protocol implementation to use routers directly.
- [x] Fix the problem that chi routes don't support trailing slash but macaron did.
- [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render.
Notices:
- Chi router don't support request with trailing slash
- Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI.
Co-authored-by: 6543 <6543@obermui.de>
* Add redirect for user
* Add redirect for orgs
* Add user redirect test
* Appease linter
* Add comment to DeleteUserRedirect function
* Fix locale changes
* Fix GetUserByParams
* Fix orgAssignment
* Remove debug logging
* Add redirect prompt
* Dont Export DeleteUserRedirect & only use it within a session
* Unexport newUserRedirect
* cleanup
* Fix & Dedub API code
* Format Template
* Add Migration & rm dublicat
* Refactor: unexport newRepoRedirect() & rm dedub del exec
* if this fails we'll need to re-rename the user directory
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Support shortened commit SHAs in URLs and API
* Add test case for short sha
* Fix format
* Revert API support
* Add canonical link headers for short commit ID URLs
* Let Branch and Raw Endpoint return json error if not found
* Revert "RM RepoRefByTypeForAPI and move needed parts into GetRawFile directly"
This reverts commit d826d08577b23765cb3c257e7a861191d1aa9a04.
* more similar to RepoRefByType
* dedub-code
* API should just speak JSON
* nice name
Co-authored-by: zeripath <art27@cantab.net>
* Multiple GitGraph improvements.
Add backend support for excluding PRs, selecting branches and files.
Fix #10327
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per @silverwind
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per @silverwind
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Only show refs in dropdown we display on the graph
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per @silverwind
Signed-off-by: Andrew Thornton <art27@cantab.net>
* use flexbox for ui header
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move Hide Pull Request button to the dropdown
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add SHA and user pictures
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix test
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix test 2
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fixes
* async
* more tweaks
* use tabs in tmpl
Signed-off-by: Andrew Thornton <art27@cantab.net>
* remove commented thing
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix linting
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update web_src/js/features/gitgraph.js
Co-authored-by: silverwind <me@silverwind.io>
* graph tweaks
* more tweaks
* add title
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix loading indicator z-index and position
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Add configurable Trust Models
Gitea's default signature verification model differs from GitHub. GitHub
uses signatures to verify that the committer is who they say they are -
meaning that when GitHub makes a signed commit it must be the committer.
The GitHub model prevents re-publishing of commits after revocation of a
key and prevents re-signing of other people's commits to create a
completely trusted repository signed by one key or a set of trusted
keys.
The default behaviour of Gitea in contrast is to always display the
avatar and information related to a signature. This allows signatures to
be decoupled from the committer. That being said, allowing arbitary
users to present other peoples commits as theirs is not necessarily
desired therefore we have a trust model whereby signatures from
collaborators are marked trusted, signatures matching the commit line
are marked untrusted and signatures that match a user in the db but not
the committer line are marked unmatched.
The problem with this model is that this conflicts with Github therefore
we need to provide an option to allow users to choose the Github model
should they wish to.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Adjust locale strings
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per @6543
Co-authored-by: 6543 <6543@obermui.de>
* Update models/gpg_key.go
* Add migration for repository
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* routers: make /compare route available to unauthenticated users
Remove some bits of the compare interface if the user isn't signed in.
Notably, they don't need to see the "New Pull Request" button box nor the
hidden form that would fail to submit due to the POST request continuing to
require proper privileges.
Follow-up commits will improve the UI a bit around this, removing some
"Pull Request" verbiage in favor of "Compare."
* ui: home: show "compare" button for unauthenticated users
This change requires pulling in the BaseRepo unconditionally and
recording if the pull request is in-fact not allowed
(.PullRequestCtx.Allowed). If the user isn't allowed to create a pull
request, either because this isn't a fork or same-fork branch PRs aren't
allowed, then we'll name the button "Compare" instead of "Pull Request."
* ui: branch list: use the new Compare language when available
When viewing the branch listing as an unauthenticated user, you'll get
"Pull Request" buttons. use the new "Compare" verbiage instead, which
matches GitHub behavior when you can't issue a pull request from the
branches.
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Fix wrong permissions check when issues/prs shared operations
* move redirect to the last of the function
* fix swagger
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Add require signed commit for protected branch
* Fix fmt
* Make editor show if they will be signed
* bugfix
* Add basic merge check and better information for CRUD
* linting comment
* Add descriptors to merge signing
* Slight refactor
* Slight improvement to appearances
* Handle Merge API
* manage CRUD API
* Move error to error.go
* Remove fix to delete.go
* prep for merge
* need to tolerate \r\n in message
* check protected branch before trying to load it
* Apply suggestions from code review
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* fix commit-reader
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
In investigating #7947 it has become clear that the storage component of go-git repositories needs closing.
This PR adds this Close function and adds the Close functions as necessary.
In TransferOwnership the ctx.Repo.GitRepo is closed if it is open to help prevent the risk of multiple open files.
Fixes #7947
editorconfig-core-go made breaking api changes and has recently released
v2.1.1. This change consumes the new api and fixes up any breaking
references.
* fix org visibility bug
* fix permission check
* add integration tests
* fix tests
* change test user name for easier maintainance and fix test
* fix test git repo name
Add support for repo_redirect objects in the git smart http
handler so that when a user clones a repo that has been moved
or renamed, they are redirected to the new location.
This requires that the query string be included in the redirect
as well, so that is added.
Signed-off-by: James E. Blair <jeblair@redhat.com>
* Use go-git for tree reading and commit info lookup.
Signed-off-by: Filip Navara <navara@emclient.com>
* Use TreeEntry.IsRegular() instead of ObjectType that was removed.
Signed-off-by: Filip Navara <navara@emclient.com>
* Use the treePath to optimize commit info search.
Signed-off-by: Filip Navara <navara@emclient.com>
* Extract the latest commit at treePath along with the other commits.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix listing commit info for a directory that was created in one commit and never modified after.
Signed-off-by: Filip Navara <navara@emclient.com>
* Avoid nearly all external 'git' invocations when doing directory listing (.editorconfig code path is still hit).
Signed-off-by: Filip Navara <navara@emclient.com>
* Use go-git for reading blobs.
Signed-off-by: Filip Navara <navara@emclient.com>
* Make SHA1 type alias for plumbing.Hash in go-git.
Signed-off-by: Filip Navara <navara@emclient.com>
* Make Signature type alias for object.Signature in go-git.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix GetCommitsInfo for repository with only one commit.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix PGP signature verification.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix issues with walking commit graph across merges.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix typo in condition.
Signed-off-by: Filip Navara <navara@emclient.com>
* Speed up loading branch list by keeping the repository reference (and thus all the loaded packfile indexes).
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix lising submodules.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix build
Signed-off-by: Filip Navara <navara@emclient.com>
* Add back commit cache because of name-rev
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix tests
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix code style
* Fix spelling
* Address PR feedback
Signed-off-by: Filip Navara <navara@emclient.com>
* Update vendor module list
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix getting trees by commit id
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix remaining unit test failures
* Fix GetTreeBySHA
* Avoid running `git name-rev` if not necessary
Signed-off-by: Filip Navara <navara@emclient.com>
* Move Branch code to git module
* Clean up GPG signature verification and fix it for tagged commits
* Address PR feedback (import formatting, copyright headers)
* Make blob lookup by SHA working
* Update tests to use public API
* Allow getting content from any type of object through the blob interface
* Change test to actually expect the object content that is in the GIT repository
* Change one more test to actually expect the object content that is in the GIT repository
* Add comments
* Panic don't fatal on create new logger
Fixes #5854
Signed-off-by: Andrew Thornton <art27@cantab.net>
* partial broken
* Update the logging infrastrcture
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Reset the skip levels for Fatal and Error
Signed-off-by: Andrew Thornton <art27@cantab.net>
* broken ncsa
* More log.Error fixes
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove nal
* set log-levels to lowercase
* Make console_test test all levels
* switch to lowercased levels
* OK now working
* Fix vetting issues
* Fix lint
* Fix tests
* change default logging to match current gitea
* Improve log testing
Signed-off-by: Andrew Thornton <art27@cantab.net>
* reset error skip levels to 0
* Update documentation and access logger configuration
* Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE
* Fix broken level caching
* Refactor the router log
* Add Router logger
* Add colorizing options
* Adjust router colors
* Only create logger if they will be used
* update app.ini.sample
* rename Attribute ColorAttribute
* Change from white to green for function
* Set fatal/error levels
* Restore initial trace logger
* Fix Trace arguments in modules/auth/auth.go
* Properly handle XORMLogger
* Improve admin/config page
* fix fmt
* Add auto-compression of old logs
* Update error log levels
* Remove the unnecessary skip argument from Error, Fatal and Critical
* Add stacktrace support
* Fix tests
* Remove x/sync from vendors?
* Add stderr option to console logger
* Use filepath.ToSlash to protect against Windows in tests
* Remove prefixed underscores from names in colors.go
* Remove not implemented database logger
This was removed from Gogs on 4 Mar 2016 but left in the configuration
since then.
* Ensure that log paths are relative to ROOT_PATH
* use path.Join
* rename jsonConfig to logConfig
* Rename "config" to "jsonConfig" to make it clearer
* Requested changes
* Requested changes: XormLogger
* Try to color the windows terminal
If successful default to colorizing the console logs
* fixup
* Colorize initially too
* update vendor
* Colorize logs on default and remove if this is not a colorizing logger
* Fix documentation
* fix test
* Use go-isatty to detect if on windows we are on msys or cygwin
* Fix spelling mistake
* Add missing vendors
* More changes
* Rationalise the ANSI writer protection
* Adjust colors on advice from @0x5c
* Make Flags a comma separated list
* Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING
* Ensure matching is done on the non-colored message - to simpify EXPRESSION
* Use PathUnescape instead of QueryUnescape when working with branch names
Currently branch names with a '+' fail in certain situations because
QueryUnescape replaces the + character with a blank space.
Using PathUnescape should be better since it is defined as:
// PathUnescape is identical to QueryUnescape except that it does not
// unescape '+' to ' ' (space).
Fixes #6333
* Change error to match new function name
* Add new util function PathEscapeSegments
This function simply runs PathEscape on each segment of a path without
touching the forward slash itself. We want to use this instead of
PathEscape/QueryEscape in most cases because a forward slash is a valid name for a
branch etc... and we don't want that escaped in a URL.
Putting this in new file url.go and also moving a couple similar
functions into that file as well.
* Use EscapePathSegments where appropriate
Replace various uses of EscapePath/EscapeQuery with new
EscapePathSegments. Also remove uncessary uses of various
escape/unescape functions when the text had already been escaped or was
not escaped.
* Reformat comment to make drone build happy
* Remove no longer used url library
* Requested code changes
When transferring ownership of a repo to a different user/org,
create a repo redirect that points to the new location in the same
way that is done when a repo is renamed.
Signed-off-by: James E. Blair <jeblair@redhat.com>
* Remove all CommitStatus when a repo is deleted
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Minor UI tweaks (#5782)
Added 'No License' option
Added link and octicon change for external issue trackers
Reset password now notifies right away if the code is invalid
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* More UI tweaks
More info in PR
* Generate stylesheet for arc-green
* Make gofmt work
* Change PR integration since the button is changed
* Rebase
* Generate stylesheet
* UI updates
Made the PR button a "basic" button
Vertically centered the issue checkboxes
Labels will update only once after modal is closed
* Commit to reference related issues
Resolves #5782
Resolves #5861
Addresses original question in #5993
* Change the comment wording since PR button is no longer little and green.
* Revert changes that made Windows work
* Regenerate stylesheet
* Regenerate stylesheets
* make generate-stylesheets
* Update integration again, changed button style
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Added ID to PR button
Changed integration to use the ID to avoid breaking in the future
* Added missing semi-colons
* Added back distinction between issue actions and filters (overlooked it before)
Moved action button over next to other action dropdowns
* Remove extra tab formatting in list.tmpl
* Remove more formatting from GoLand
* Replace hardcoded "No License" with i18n license helper.
* Add raw blob endpoint
This should make it possible to download raw blobs directly from
/:repo/:username/raw/blob/:sha1 URLs.
* fix: Make it work
* As an SHA-ID is no path getRefNameFromPath can't be used to verify
file specifying parameter
* added relevant change in go-gitea/git #132
Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>
* Update Gopkg.lock
Can't update all vendors due to errors
Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>
* style: Add Gitea copyright header
* feat: Added integration test for /repo/u/r/raw/blob
* fix: correct year in copyright header
* Make URL scheme unambiguous
Redirect old routes to new routes
* Fix redirects to new URL scheme, and update template
* Fix branches/_new endpoints, and update integration test
* Add commit count caching
* Small refactoring
* Add different key prefix for refs and commits
* Add configuratuion option to allow to change caching time or disable it
* Create new branch from branch selection dropdown and rewrite it to VueJS
* Make updateLocalCopyToCommit as not exported
* Move branch name validation to model
* Fix possible race condition
* Fix so that user can still fork his own repository to his organizations
* Fix to only use owned organizations
* Add integration test for forking own repository to owned organization
* Add Activity page to repository
* Add request data for activity
* Add issue data for activity
* Add user unit right checks
* Add releases to activity
* Log repository unit loading error
* Sync releases table with tags on push and for mirrors
* Code style fixes
* Fix api to return only releases
* Optimize release creation and update
Minimize posibility of race conditions
* Fix release lower tag name updating
* handle tag reference update by addionally comparing commit id
* Hotfix for "Add time manually" (https://github.com/go-gitea/gitea/pull/2211#issuecomment-328780125)
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Checking if Code unit is enabled before creating a fork.
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Adding a discrete function for RepoIDAssignment
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Improved Documentation
* Added comment's hashtag to url for mail notifications.
* Added explanation to return statement + documentation.
* Replacing in-line link generation with HTMLURL. (+gofmt)
* Replaced action-based model with nil-based model. (+gofmt)
* Replaced mailIssueActionToParticipants with mailIssueCommentToParticipants.
* Updating comment for mailIssueCommentToParticipants
* Added link to comment in "Dashboard"
* Deleting feed entry if a comment is going to be deleted
* Added migration
* Added improved migration to add a CommentID column to action.
* Added improved links to comments in feed entries.
* Fixes #1956 by filtering for deleted comments that are referenced in actions.
* Introducing "IsDeleted" column to action.
* Adding design draft (not functional)
* Adding database models for stopwatches and trackedtimes
* See go-gitea/gitea#967
* Adding design draft (not functional)
* Adding translations and improving design
* Implementing stopwatch (for timetracking)
* Make UI functional
* Add hints in timeline for time tracking events
* Implementing timetracking feature
* Adding "Add time manual" option
* Improved stopwatch
* Created report of total spent time by user
* Only showing total time spent if theire is something to show.
* Adding license headers.
* Improved error handling for "Add Time Manual"
* Adding @sapks 's changes, refactoring
* Adding API for feature tracking
* Adding unit test
* Adding DISABLE/ENABLE option to Repository settings page
* Improving translations
* Applying @sapk 's changes
* Removing repo_unit and using IssuesSetting for disabling/enabling timetracker
* Adding DEFAULT_ENABLE_TIMETRACKER to config, installation and admin menu
* Improving documentation
* Fixing vendor/ folder
* Changing timtracking routes by adding subgroups /times and /times/stopwatch (Proposed by @lafriks )
* Restricting write access to timetracking based on the repo settings (Proposed by @lafriks )
* Fixed minor permissions bug.
* Adding CanUseTimetracker and IsTimetrackerEnabled in ctx.Repo
* Allow assignees and authors to track there time too.
* Fixed some build-time-errors + logical errors.
* Removing unused Get...ByID functions
* Moving IsTimetrackerEnabled from context.Repository to models.Repository
* Adding a seperate file for issue related repo functions
* Adding license headers
* Fixed GetUserByParams return 404
* Moving /users/:username/times to /repos/:username/:reponame/times/:username for security reasons
* Adding /repos/:username/times to get all tracked times of the repo
* Updating sdk-dependency
* Updating swagger.v1.json
* Adding warning if user has already a running stopwatch (auto-timetracker)
* Replacing GetTrackedTimesBy... with GetTrackedTimes(options FindTrackedTimesOptions)
* Changing code.gitea.io/sdk back to code.gitea.io/sdk
* Correcting spelling mistake
* Updating vendor.json
* Changing GET stopwatch/toggle to POST stopwatch/toggle
* Changing GET stopwatch/cancel to POST stopwatch/cancel
* Added migration for stopwatches/timetracking
* Fixed some access bugs for read-only users
* Added default allow only contributors to track time value to config
* Fixed migration by chaging x.Iterate to x.Find
* Resorted imports
* Moved Add Time Manually form to repo_form.go
* Removed "Seconds" field from Add Time Manually
* Resorted imports
* Improved permission checking
* Fixed some bugs
* Added integration test
* gofmt
* Adding integration test by @lafriks
* Added created_unix to comment fixtures
* Using last event instead of a fixed event
* Adding another integration test by @lafriks
* Fixing bug Timetracker enabled causing error 500 at sidebar.tpl
* Fixed a refactoring bug that resulted in hiding "HasUserStopwatch" warning.
* Returning TrackedTime instead of AddTimeOption at AddTime.
* Updating SDK from go-gitea/go-sdk#69
* Resetting Go-SDK back to default repository
* Fixing test-vendor by changing ini back to original repository
* Adding "tags" to swagger spec
* govendor sync
* Removed duplicate
* Formatting templates
* Adding IsTimetrackingEnabled checks to API
* Improving translations / english texts
* Improving documentation
* Updating swagger spec
* Fixing integration test caused be translation-changes
* Removed encoding issues in local_en-US.ini.
* "Added" copyright line
* Moved unit.IssuesConfig().EnableTimetracker into a != nil check
* Removed some other encoding issues in local_en-US.ini
* Improved javascript by checking if data-context exists
* Replaced manual comment creation with CreateComment
* Removed unnecessary code
* Improved error checking
* Small cosmetic changes
* Replaced int>string>duration parsing with int>duration parsing
* Fixed encoding issues
* Removed unused imports
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Remove unit types commits and settings
* Can not limit units in administrator teams
* Limit changing units only to teams with read and write access mode
* Small code optimization
* Add configuration flag SSH_EXPOSE_ANONYMOUS
If this flag (default True) is set to false, the SSH clone URL will only be exposed if the current user is signed in.
* Default SSH exposure set to false
To match GitHub and for security reasons, SSH URL exposure is disabled by default.
In addition to that. minor code changes have been applied.
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
* Add integration tests
* Hide clone button neither HTTP and SSH is enabled
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
* add units to team
* fix lint
* finish team setting backend
* finished permission controll on routes
* fix import blank line
* add unit check on ssh/http pull and push and fix test failed
* fix fixtures data
* remove unused code
* Do not allow commiting to protected branch from online editor
* Add editor integration tests for adding new file and not allowing to add new file to protected branch