1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-22 12:54:53 -05:00
Commit graph

22016 commits

Author SHA1 Message Date
Rowan Bohde
2e00ae4cdd
Validate OAuth Redirect URIs (#32643)
This fixes a TODO in the code to validate the RedirectURIs when adding
or editing an OAuth application in user settings.

This also includes a refactor of the user settings tests to only create
the DB once per top-level test to avoid reloading fixtures.

(cherry picked from commit 16a7d343d78807e39df124756e5d43a69a2203a3)

Conflicts:
	services/forms/user_form.go
	tests/integration/user_settings_test.go
  simple conflicts
2024-12-03 10:19:22 +01:00
Lunny Xiao
3973f1022d
Add github compatible tarball download API endpoints (#32572)
Fix #29654
Fix #32481

(cherry picked from commit 703be6bf307ed19ce8dc8cd311d24aeb6e5b9861)

Conflicts:
	routers/api/v1/repo/file.go
	routers/web/repo/repo.go
	services/repository/archiver/archiver.go
	services/repository/archiver/archiver_test.go
  trivial context conflicts
  add missing function PathParam skipped in a very large refactor
2024-12-03 10:19:22 +01:00
Earl Warren
3d92dc861f Merge pull request 'feat: avoid sorting for MakeSelfOnTop' (#6130) from gusted/forgejo-sort into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6130
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-12-03 07:09:38 +00:00
Earl Warren
9dfea97080 Merge pull request 'fix: clean up log files that no longer exist' (#6128) from gusted/forgejo-cleanup into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6128
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-12-03 07:07:39 +00:00
Gusted
b500c48fa0
feat: avoid sorting for MakeSelfOnTop
- Although sorting can be used to make the doer the first user of the
list, this isn't optimal and can be instead done with a linear search,
remove that entry and add the doer to the front of the slice.
- Extra unit test added.
2024-12-03 05:32:51 +01:00
Gusted
4e8677a911
fix: clean up log files that no longer exist
- If for some reason a action log file does not longer exist in the
database or on the file system, then mark it as being cleaned up.
- Unit test added.
2024-12-03 05:09:47 +01:00
Gusted
b525eec82b Merge pull request 'fix: dbconsistency check adding missing quotes' (#6124) from 71rd/forgejo:dbconsistency-forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6124
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-12-03 04:05:20 +00:00
Gusted
45cec645de Merge pull request 'fix: return correct type in GetSubModule' (#6114) from gusted/forgejo-submodule-entry into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6114
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-12-03 03:24:01 +00:00
71rd
2953080339 fix: dbconsistency check adding missing quotes
On postgres the new check for orphaned authorization tokens fails with:
- [E] Error: pq: syntax error at or near "." whilst counting Authorization token without existing User

Adding marks to the user table reference allows the check to succeed
2024-12-02 16:05:51 +00:00
Otto
7c9214cb92 Merge pull request 'chore(ci): run merge conditions when a new commit is pushed' (#6120) from earl-warren/forgejo:wip-merge-conditions into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6120
Reviewed-by: Otto <otto@codeberg.org>
2024-12-02 14:03:54 +00:00
Earl Warren
4075d2c891
chore(ci): run merge conditions when a new commit is pushed
Otherwise the latest status of the PR may be skipped instead of fail
if the condition is not met.
2024-12-02 13:20:35 +01:00
Renovate Bot
8365133d6c Update renovate to v39.42.4 (forgejo) (#6115)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-12-02 07:14:08 +00:00
Renovate Bot
fc0510fc6f chore(deps): update dependency globals to v15.13.0 (forgejo)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [globals](https://github.com/sindresorhus/globals) | devDependencies | minor | [`15.12.0` -> `15.13.0`](https://renovatebot.com/diffs/npm/globals/15.12.0/15.13.0) |

---

### Release Notes

<details>
<summary>sindresorhus/globals (globals)</summary>

### [`v15.13.0`](https://github.com/sindresorhus/globals/releases/tag/v15.13.0)

[Compare Source](https://github.com/sindresorhus/globals/compare/v15.12.0...v15.13.0)

-   Update globals

***

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am" (UTC), Automerge - "before 4am" (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yOC4wIiwidXBkYXRlZEluVmVyIjoiMzkuMjguMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6118
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-12-02 05:44:16 +00:00
Gusted
e7cffc378f
Fix: return correct type in GetSubModule
- `GetSubModules` already solely stores the URL of the submodule and not
a `*SubModule` entry, so don't try to type assert it to be a struct.
- I am not able to pinpoint when this was regressed but if I had to
guess it might be #4941.
- Added integration test.
2024-12-02 01:08:09 +01:00
Mathieu Fenniak
2faa7ce749 Rework GetLatestCommitStatusForPairs query using a subquery for PG compatibility (#6113)
## Scope

Intended to fix #6099; and moves related tests to integration tests (per. request https://codeberg.org/forgejo/forgejo/pulls/6105#issuecomment-2486228)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests. **not applicable**
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes... **not applicable**
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
  - Rationale: bug-fix for a change that hasn't been released yet.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6113
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2024-12-01 19:15:31 +00:00
Gusted
d35bc0e636 Merge pull request 'feat: Add option to disable builtin authentication' (#6112) from squel/forgejo-disable-internal-signin into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6112
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-12-01 19:02:05 +00:00
Otto Richter
d2bf2e7631 Improve performance of allowed org repo creation query (#6100)
See https://codeberg.org/Codeberg-Infrastructure/build-deploy-forgejo/issues/144#issuecomment-2484031.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6100
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Otto Richter <git@otto.splvs.net>
Co-committed-by: Otto Richter <git@otto.splvs.net>
2024-12-01 15:16:25 +00:00
George Tsiamasiotis
a126477e86 feat: Add option to disable builtin authentication.
Setting ENABLE_INTERNAL_SIGNIN to false will disable the built-in
signin form, should the administrator prefer to limit users to SSO.

Continuation of forgejo/forgejo#6076
2024-12-01 15:50:10 +01:00
Renovate Bot
d68c99542c Update dependency djlint to v1.36.3 (forgejo) (#6108)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-12-01 08:33:38 +00:00
Renovate Bot
5472cec885 Update dependency @vitest/eslint-plugin to v1.1.12 (forgejo) (#6107)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-12-01 08:33:15 +00:00
Renovate Bot
a068209f64 Update dependency happy-dom to v15.11.7 (forgejo) (#6109)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-12-01 07:26:10 +00:00
Renovate Bot
57fd321f85 Update dependency @stoplight/spectral-cli to v6.14.2 (forgejo) (#6106)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-12-01 07:05:04 +00:00
Lunny Xiao
3135e146f9
Strict pagination check (#32548)
(cherry picked from commit c363bd06e93986a564601527ade219d602c9d8dd)

Conflicts:
	models/user/search.go
  change already done in 9b85f97835
2024-12-01 07:56:45 +01:00
Earl Warren
7bc6bd3095 Merge pull request 'Fix unconditional DB queries in commit status fetches' (#6105) from mfenniak/forgejo:fix-6101 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6105
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-12-01 06:42:43 +00:00
Mathieu Fenniak
bb8c712ffa add tests for GetLatestCommitStatusForRepoCommitIDs 2024-11-30 10:56:50 -07:00
Mathieu Fenniak
73583fdea1 Fix unconditional DB queries in commit status fetches 2024-11-30 10:42:38 -07:00
Earl Warren
ebf0179d61 Merge pull request 'Update dependency mermaid to v11.4.1 (forgejo)' (#6087) from renovate/forgejo-mermaid-11.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6087
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-30 06:32:16 +00:00
Gusted
ececc4fda0 Merge pull request 'typos, mostly from codespell, others just by eyeballing' (#6089) from FermeLeLundi/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6089
Reviewed-by: Otto <otto@codeberg.org>
2024-11-29 21:59:43 +00:00
FermeLeLundi
1151ff1b26 Update modules/keying/keying.go
Remove trailing whitespace
2024-11-29 15:42:17 +00:00
Fermé le Lundi
75f703326f Merge branch 'forgejo' into forgejo 2024-11-29 15:37:59 +00:00
Mathieu Fenniak
77fafbe578 Add a "summary card" to issues & PRs for consumption by OpenGraph clients (#6053)
## Overview

Hi all, I'm a first-time contributor to Forgejo.  I was looking for something interesting to contribute and the first thing that caught my attention was https://codeberg.org/forgejo/forgejo/issues/6043, a request for an enhancement to include "issue previews" when publishing links to social media platforms.  As a bit of background, the way these platforms work is that they search for meta tags in the posted link's content, and if they find a meta `og:image` (along with other meta tags) they'll pull the image to include in the social media post.  Forgejo currently provides an `og:image` tag but it just renders the repository or repository-owner's avatar.

This PR will render `og:image` for an issue or PR into a link to `{...}/summary-card`, which is a dynamically generated image that contains a summary of the issue.

## Design Notes

### Rendering / Rasterization

The tricky part of solving this problem is rendering an image that combines some text, some images, and some layout elements.  To address this, I've created a `card` module which allows for a handful of operations:
- Create a new rendered image (a "Card")
- Add a margin to a card
- Split the card, horizontally or vertically, into two pieces with a proportional layout (eg. 70%/30%, as desired), each of which are "Cards" that render into the same root image
- Render text into a card, with line-wrapping and text-alignment capabilities
- Render an image onto a card
- Fetches an external image as safely as possible (for server-side fetch of Gravatar, etc.)

The card module can be reused to create `og:image` summary cards for any object in the future, although obviously it's capabilities are limited.  The current implementation is on issues/PRs.

I considered a few alternative approaches before taking this approach, and here's why I rejected those options:
- Provide the summary card as an SVG object which could be rendered much more easily with a template file -- however, support for SVG isn't defined as positive for OpenGraph, and a quick look through some existing implementations suggest that it is not widely supported, if at all
- Rendering as HTML/CSS, or SVG, and then using an external tool to convert into a PNG (or other static) image -- this would be much nicer and easier to implement, but would require tying in some very heavy-weight dependencies
- Rendering using a more sophisticated graphics library, eg. cairo -- also would be nicer and easier to implement, but again a heavy dependency for a small functionality

As a result of the limited capabilities of the new card module, summary cards don't have icons on them (which would require SVG rasterization) or pretty status badges with colors and rounded rects.  In the future if better drawing capabilities were added, the graphics could be improved, but it doesn't seem too important.

### External Avatars

In order to rasterize a user's avatar onto the summary card, it might have to be retrieved by the server from the external source (eg. Gravatar).  A `fetchExternalImage` routine attempts to do this in the safest way possible to protect the server from any possible security exposure from this; (a) verifying that the content-types are acceptable, (b) ensuring that the file-size and image-size are within the safe bounds that are used for custom avatars, (c) using a very-short timeout to avoid stalling the server if an external dependency is offline.

### Caching

Summary cards are cached after rendered.  This has the downside of causing updates to statuses, avatars, titles, etc. being stale on the summary card for the cache TTL.  However, during testing I found that some social media engines like Mastodon will cause the summary card to be accessed a significant number of times after being referenced by a post, causing a mini-tornado of requests.  The cache compensates for this to avoid server load in this situation.

### Scope

I'm considering out-of-scope:
- Summary cards on other objects (eg. repos, users) can be left for future implementation

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- ~~I added test coverage for JavaScript changes...~~ n/a, no JS changes
  - [x] ~~in `web_src/js/*.test.js` if it can be unit tested.~~
  - [x] ~~in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).~~
- Manual testing
  - [x] Access & attach screenshots of both an issue and a pull-request's summary card; see below
  - [x] Ensure reasonable (non-crash) behavior of rendering text with glyphs outside the font -- correctly rendered as replacement unicode chars
  - [x] Using a public test instance, verify that og:image behavior looks good on platforms like Mastodon and BlueSky
    - [x] Bluesky: 
    - [x] Mastodon:    (Note that the summary card will be requested many times as the post is federated; either each server, or each client, will fetch it itself)
    - [x] OpenGraph test site (https://www.opengraph.xyz/): 
    - [x] Discord: Looks OK ; needs "twitter:card" to be set to "summary_large_image" to display the large-scale image, but (a) that's probably annoying to use, (b) probably wrong because it doesn't match Twitter Card's spec for a "photographic image", and (c) don't want to encourage/continue use of vendor-specific tag
  - [x] Verify cases with user avatar missing (or autogen), and repo avatar missing (falls back to repo owner avatar)

Pull request summary card:
![image](/attachments/b64283e3-9a3c-4f19-9d00-961662ffe86b)

Issue summary card:
![image](/attachments/318ce589-02e0-493e-b10c-5b2cb2627db2)

(images to the right are the custom repo avatar, w/ fallback to the repo owner avatar)

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
  - OpenGraph capabilities are expected to work in the background without user awareness, and so there is no need for documentation to explain the capabilities for users.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6053
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2024-11-29 15:02:03 +00:00
Gusted
0c2b01dbb4 Merge pull request 'Update dependency sortablejs to v1.15.6 (forgejo)' (#6095) from renovate/forgejo-sortablejs-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6095
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-29 14:56:26 +00:00
Renovate Bot
96e3b7db10 Update dependency sortablejs to v1.15.6 2024-11-29 00:02:57 +00:00
Fermé le Lundi
ac99be3bb7 Merge branch 'forgejo' into forgejo 2024-11-28 22:53:34 +00:00
Otto
48b91fa31a Merge pull request 'Improve Swagger documentation for user endpoints' (#6050) from JakobDev/forgejo:userswagger into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6050
Reviewed-by: Otto <otto@codeberg.org>
2024-11-28 20:42:19 +00:00
Fermé le Lundi
0e22875b8b Merge branch 'forgejo' into forgejo 2024-11-28 19:35:26 +00:00
JakobDev
76fb2afc40
Run make tidy 2024-11-28 19:36:55 +01:00
Earl Warren
fe246cc060 Merge pull request 'Update dependency sortablejs to v1.15.5 (forgejo)' (#6088) from renovate/forgejo-sortablejs-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6088
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-28 18:02:58 +00:00
FermeLeLundi
8b4b209861 Update tests/e2e/shared/forms.ts
Typo
2024-11-28 10:49:23 +00:00
FermeLeLundi
af8edb4ff3 Update tests/e2e/README.md
Typo
2024-11-28 10:48:04 +00:00
FermeLeLundi
f2b7cfa7f7 Update tests/integration/repo_tag_test.go
Typo
2024-11-28 10:39:38 +00:00
FermeLeLundi
f65fba1869 Update tests/integration/codeowner_test.go
Typo
2024-11-28 10:38:06 +00:00
FermeLeLundi
9ae95d7bbb Update modules/keying/keying_test.go
Typo
2024-11-28 10:35:55 +00:00
FermeLeLundi
229cb20f68 Update modules/keying/keying.go
Typo
2024-11-28 10:34:08 +00:00
FermeLeLundi
893c2f2d90 Update modules/git/repo_commit.go
Typo
2024-11-28 10:31:28 +00:00
FermeLeLundi
0f64c5a806 Update modules/indexer/code/elasticsearch/elasticsearch.go
Typo
2024-11-28 10:29:18 +00:00
FermeLeLundi
eef6d55877 Update modules/typesniffer/typesniffer.go
Typo
2024-11-28 10:27:33 +00:00
FermeLeLundi
01e1bc0cb8 Update web_src/js/features/comp/ComboMarkdownEditor.js
Typo
2024-11-28 10:26:12 +00:00
FermeLeLundi
99de40b73e Update routers/web/repo/issue.go
Typo
2024-11-28 10:23:45 +00:00
FermeLeLundi
f0de20e747 Update models/git/commit_status_test.go
Typos
2024-11-28 10:15:54 +00:00