This enabled HTTP time-based cache for storage assets, primarily
avatars. I have not observed If-Modified-Since from browsers during
tests but I guess it's good to support regardless.
It introduces a new generic httpcache module that can handle both
time-based and etag-based caching.
Additionally, manifest.json and robots.txt are now also cachable.
* Clarify app.example.ini documentation
Hard to understand if cron i needed to activate all other cron.
* Added missing "Extended cron tasks" to config-cheat-sheet.en-us.md
cron default is false - setting it true activates all cron. Changed the documentation accordingly
* Fixed spelling
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* add sdk links to docs
* Update docs/content/doc/advanced/api-usage.en-us.md
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Markus <git+markus@obermui.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Use CSS Variables for fonts, remove postcss-loader
- Use CSS variables for fonts, making the fonts easier to customize
- Remove postcss-loader, it's not doing anything useful and is actually
applying strange transforms on our CSS.
Fixes: https://github.com/go-gitea/gitea/issues/11045
* introduce helper variable, mark documented vars
* work around case issue by always quoting specific fonts
* Align `SSH_AUTHORIZED_KEYS_BACKUP` var with the value in `app.ini`
* Also fix the cheat sheet and move it to below - SSH_CREATE_AUTHORIZED_KEYS_FILE
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
* Avatar support minio
* Support repo avatar minio storage
* Add missing migration
* Fix bug
* Fix test
* Add test for minio store type on avatars and repo avatars; Add documents
* Fix bug
* Fix bug
* Add back missed avatar link method
* refactor codes
* Simplify the codes
* Code improvements
* Fix lint
* Fix test mysql
* Fix test mysql
* Fix test mysql
* Fix settings
* Fix test
* fix test
* Fix bug
* first draft
* update gitea sdk to 9e280adb4da
* adapt feat of updated sdk
* releases now works
* break the Reactions loop
* use convertGiteaLabel
* fix endless loop because paggination is not supported there !!!
* rename gitea local uploader files
* pagination can bite you in the ass
* Version Checks
* lint
* docs
* rename gitea sdk import to miss future conficts
* go-swagger: dont scan the sdk structs
* make sure gitea can shutdown gracefully
* make GetPullRequests and GetIssues similar
* rm useles
* Add Test: started ...
* ... add tests ...
* Add tests and Fixing things
* Workaround missing SHA
* Adapt: Ensure that all migration requests are cancellable
(714ab71ddc)
* LINT: fix misspells in test set
* adapt ListMergeRequestAwardEmoji
* update sdk
* Return error when creating giteadownloader failed
* update sdk
* adapt new sdk
* adopt new features
* check version before err
* adapt: 'migrate service type switch page'
* optimize
* Fix DefaultBranch
* impruve
* handle subPath
* fix test
* Fix ReviewCommentPosition
* test GetReviews
* add DefaultBranch int test set
* rm unused
* Update SDK to v0.13.0
* addopt sdk changes
* found better link
* format template
* Update Docs
* Update Gitea SDK (v0.13.1)
* Add ssh certificate support
* Add ssh certificate support to builtin ssh
* Write trusted-user-ca-keys.pem based on configuration
* Update app.example.ini
* Update templates/user/settings/keys_principal.tmpl
Co-authored-by: silverwind <me@silverwind.io>
* Remove unused locale string
* Update options/locale/locale_en-US.ini
Co-authored-by: silverwind <me@silverwind.io>
* Update options/locale/locale_en-US.ini
Co-authored-by: silverwind <me@silverwind.io>
* Update models/ssh_key.go
Co-authored-by: silverwind <me@silverwind.io>
* Add missing creation of SSH.Rootpath
* Update cheatsheet, example and locale strings
* Update models/ssh_key.go
Co-authored-by: zeripath <art27@cantab.net>
* Update models/ssh_key.go
Co-authored-by: zeripath <art27@cantab.net>
* Update models/ssh_key.go
Co-authored-by: zeripath <art27@cantab.net>
* Update models/ssh_key.go
Co-authored-by: zeripath <art27@cantab.net>
* Update models/ssh_key.go
* Optimizations based on feedback
* Validate CA keys for external sshd
* Add filename option and change default filename
Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is
RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem
Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.
Add some more documentation.
* Remove unneeded principalkey functions
* Add blank line
* Apply suggestions from code review
Co-authored-by: zeripath <art27@cantab.net>
* Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option
This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default
email,username this means that users only can add the principals
that match their email or username.
To allow anything the admin need to set the option anything.
This allows for a safe default in gitea which protects against malicious
users using other user's prinicipals. (before that user could set it).
This commit also has some small other fixes from the last code review.
* Rewrite principal keys file on user deletion
* Use correct rewrite method
* Set correct AuthorizedPrincipalsBackup default setting
* Rewrite principalsfile when adding principals
* Add update authorized_principals option to admin dashboard
* Handle non-primary emails
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add the command actually to the dashboard template
* Update models/ssh_key.go
Co-authored-by: silverwind <me@silverwind.io>
* By default do not show principal options unless there are CA keys set or they are explicitly set
Signed-off-by: Andrew Thornton <art27@cantab.net>
* allow settings when enabled
* Fix typos in TrustedUserCAKeys path
* Allow every CASignatureAlgorithms algorithm
As this depends on the content of TrustedUserCAKeys we should allow all
signature algorithms as admins can choose the specific algorithm on their
signing CA
* Update models/ssh_key.go
Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix linting issue
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Change default log configuration
This PR changes the install page and the docker default
logging configuration to match the suggested configuration
that I repeatedly end up suggesting on issues.
It further improves the logging configuration docs to
recommend specific instructions for how to configure logs
for posting to issues.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update docs/content/doc/advanced/logging-documentation.en-us.md
* Disable DSA ssh keys by default
OpenSSH has disabled DSA keys since version 7.0
As the docker runs openssh > v7.0 we should just disable
DSA keys by default.
Refers to #11417
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Just disable DSA keys by default
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Appears we need to set the minimum key sizes too
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Appears we need to set the minimum key sizes too
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove DSA type
* Fix Tests
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Extend git hook warning in the UI.
Git hooks are a dangerous feature, administrators should be warned before giving
the git hook privilege to users.
* Disable Git hooks by default and add warning.
Git hooks are a dangerous features (see warning text) that should only
be enabled if the administrator was informed about the risk involved.
Co-authored-by: Niklas Goerke <goerke@fzi.de>
* Clarification on the use of certificate chains
* As per @bagasme
Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Allow common redis and leveldb connections
Prevents multiple reopening of redis and leveldb connections to the same
place by sharing connections.
Further allows for more configurable redis connection type using the
redisURI and a leveldbURI scheme.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* add unit-test
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per @lunny
Signed-off-by: Andrew Thornton <art27@cantab.net>
* add test
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update modules/cache/cache_redis.go
* Update modules/queue/queue_disk.go
* Update modules/cache/cache_redis.go
* Update modules/cache/cache_redis.go
* Update modules/queue/unique_queue_disk.go
* Update modules/queue/queue_disk.go
* Update modules/queue/unique_queue_disk.go
* Update modules/session/redis.go
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Add configurable Trust Models
Gitea's default signature verification model differs from GitHub. GitHub
uses signatures to verify that the committer is who they say they are -
meaning that when GitHub makes a signed commit it must be the committer.
The GitHub model prevents re-publishing of commits after revocation of a
key and prevents re-signing of other people's commits to create a
completely trusted repository signed by one key or a set of trusted
keys.
The default behaviour of Gitea in contrast is to always display the
avatar and information related to a signature. This allows signatures to
be decoupled from the committer. That being said, allowing arbitary
users to present other peoples commits as theirs is not necessarily
desired therefore we have a trust model whereby signatures from
collaborators are marked trusted, signatures matching the commit line
are marked untrusted and signatures that match a user in the db but not
the committer line are marked unmatched.
The problem with this model is that this conflicts with Github therefore
we need to provide an option to allow users to choose the Github model
should they wish to.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Adjust locale strings
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per @6543
Co-authored-by: 6543 <6543@obermui.de>
* Update models/gpg_key.go
* Add migration for repository
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* libffi-dev is required for building jupyter
* matplotlib can not be installed using wheels on the used version of alpine
linux, which means it must be compiled and a large number of other packages
have to be installed as well.
This is very inefficient: see eg.
https://pythonspeed.com/articles/alpine-docker-python/
Apart from that, matplotlib is actually not required for rendering
notebook files in gitea and it will pull in other dependencies which take some
time to build (ie numpy).
* LFS support to be stored on minio
* Fix test
* Fix lint
* Fix lint
* Fix check
* Fix test
* Update documents and add migration for LFS
* Fix some bugs
* Add 'make watch'
This combines frontend and backend watch into a single command that runs
them in parallel on on SIGINT terminates both.
Termination is not super-clean but I guess it does not have to.
* move to tools/, trap more signals, remove gnu-specific flag
* simplify
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Restrict TLS connections to 1.2 minimum
* Set Argon2 as the default KDF
* Fix user.yml
* Remove TLS minversion changes
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add migration as per @techknowlogick
Signed-off-by: Andrew Thornton <art27@cantab.net>
* set the password algo in the fixtures
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove the v148 migration - it needs recreate table to change the defaults
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Nadim Kobeissi <nadim@symbolic.software>
* Support elastic search for code search
* Finished elastic search implementation and add some tests
* Enable test on drone and added docs
* Add new fields to elastic search
* Fix bug
* remove unused changes
* Use indexer alias to keep the gitea indexer version
* Improve codes
* Some code improvements
* The real indexer name changed to xxx.v1
Co-authored-by: zeripath <art27@cantab.net>
* Disable password complexity check default
These features enourange bad passwords/are annoying for people using better password methods, and at minimum we shouldn't force that as a default for obvious reasons. Disable any default check to avoid regular complaints.
* fix copy paste format
* Add a storage layer for attachments
* Fix some bug
* fix test
* Fix copyright head and lint
* Fix bug
* Add setting for minio and flags for migrate-storage
* Add documents
* fix lint
* Add test for minio store type on attachments
* fix test
* fix test
* Apply suggestions from code review
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Add warning when storage migrated successfully
* Fix drone
* fix test
* rebase
* Fix test
* display the error on console
* Move minio test to amd64 since minio docker don't support arm64
* refactor the codes
* add trace
* Fix test
* remove log on xorm
* Fi download bug
* Add a storage layer for attachments
* Add setting for minio and flags for migrate-storage
* fix lint
* Add test for minio store type on attachments
* Apply suggestions from code review
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Fix drone
* fix test
* Fix test
* display the error on console
* Move minio test to amd64 since minio docker don't support arm64
* refactor the codes
* add trace
* Fix test
* Add URL function to serve attachments directly from S3/Minio
* Add ability to enable/disable redirection in attachment configuration
* Fix typo
* Add a storage layer for attachments
* Add setting for minio and flags for migrate-storage
* fix lint
* Add test for minio store type on attachments
* Apply suggestions from code review
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Fix drone
* fix test
* Fix test
* display the error on console
* Move minio test to amd64 since minio docker don't support arm64
* don't change unrelated files
* Fix lint
* Fix build
* update go.mod and go.sum
* Use github.com/minio/minio-go/v6
* Remove unused function
* Upgrade minio to v7 and some other improvements
* fix lint
* Fix go mod
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: Tyler <tystuyfzand@gmail.com>
* Add 'watch-backend'
This leverages `air` to watch the backend files and trigger `make
backend` automatically when they change. It seems to work rather well
together with `watch-frontend`.
Fixes: https://github.com/go-gitea/gitea/issues/12318
* rework docs to a new section for continuous build
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add mermaid JS renderer
For feature parity with GitLab. Tested in files, issues, wiki, editor.
arc-green only does an inversion because the renderer seems to like to
render white backgrounds on boxes.
Ref: https://github.com/go-gitea/gitea/issues/3340
Fixes: https://github.com/go-gitea/gitea/issues/12307
* add feature entry, switch to neutral theme, remove border
* add bindFunctions support
* remove unnecessary border-radius
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Rework 'make generate-images'
- Remove external dependencies and replace it with a node script that
does does the same.
- Move detail removal from gitea-sm.png to favicon.png
- Remove favicon.ico and its generation, it is unused and we already serve
favicon.png in its place.
Fixes: https://github.com/go-gitea/gitea/issues/12314
* use proper centering value for preserveAspectRatio
* fix lint
* use fabric
* better linting fix
* fix typo
* mention detail-remove class in docs
* Clarify documentation of SKIP_VERIFY
The documentation clearly documents the empty value as the default,
however at least one user reported this as being unclear. Mark values
explicitly so it is clear what values it can take. This clarifies that
an empty value in fact leaves certificate verification enabled, whereas
it has to be explicitly set to true to disable certificate verification.
Resolves: #12117
Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update custom/conf/app.example.ini
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update custom/conf/app.example.ini
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Introduce 'make svg' which calls a node script that compiles svg files
to `public/img/svg`. These files are vendored to not create a dependency
on Node for the backend build.
On the frontend side, configure webpack using `raw-loader` so SVGs can
be imported as string.
Also moved our existing SVGs to web_src/svg for consistency.
Fixes: https://github.com/go-gitea/gitea/issues/11618
* Make LogDescriptions race safe
* Add manager commands for pausing, resuming, adding and removing loggers
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Placate lint
* Ensure that file logger is run!
* Add support for smtp and conn
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add release-and-reopen
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Move EventSource to use a SharedWorker. This prevents issues with HTTP/1.1
open browser connections from preventing gitea from opening multiple tabs.
Also allow setting EVENT_SOURCE_UPDATE_TIME to disable EventSource updating
Fix#11978
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Rename custom/conf/app.ini.sample to custom/conf/app.sample.ini for better syntax light on editor
* rename to app.example.ini
* per @6543 's comment, update all references on docs
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
6543
silverwind
Lunny Xiao
John Olheiser
Mattias Persson
M4RKUS-11111
Patrick Schratz
Johan Van de Wauw
Robin
Wim
zeripath
Niklas Goerke
Rongjian Zhang
PE1NUT
Tait Hoyem
Melroy van den Berg
Martin
mrsdizzie
techknowlogick
Alexander Scheel
Bagas Sanjaya