Commit graph

15643 commits

Author SHA1 Message Date
Earl Warren
15ea9ff411
[CI] disable redis test, no redis server yet in CI
(cherry picked from commit e1bbfa3619)
(cherry picked from commit 91245ca917)
(cherry picked from commit 705d0558be)
(cherry picked from commit 9247594970)
(cherry picked from commit 9db1158a48)
2023-06-12 23:42:37 +02:00
Loïc Dachary
eca09dec90
[CI] tests/pgsql.ini.tmpl: do not use minio
f92e0a4018 added minio to the tests/pgsql.ini.tmpl and Forgejo CI does
not run a minio server. It will if there are external storage related
changes at some point but it is not the case now so it is not worth
the burden.

(cherry picked from commit 4cfbf4718d)
(cherry picked from commit 9bd644d601)
(cherry picked from commit 604636c7c4)
(cherry picked from commit 341cdb8540)
(cherry picked from commit 57bdc91de5)
(cherry picked from commit c6ec6517b4)
(cherry picked from commit 2f03fc1b29)
(cherry picked from commit aaecd10966)
(cherry picked from commit 7025ff7b06)
(cherry picked from commit 15e6485ae1)
(cherry picked from commit 5f7b23c659)
(cherry picked from commit a74d7ce6c5)
(cherry picked from commit f552e2fc56)
2023-06-12 23:42:37 +02:00
Loïc Dachary
cc8274ea54
[CI] set PASSWORD_HASH_ALGO = argon2 for integration tests
(cherry picked from commit 1d7ce2a39c)
(cherry picked from commit 3af8757583)
(cherry picked from commit 0b81815209)
(cherry picked from commit 7180a3222a)
(cherry picked from commit 069044f4a6)
(cherry picked from commit dd1438f389)
(cherry picked from commit 4ae6b5d64d)
(cherry picked from commit c572666d78)
(cherry picked from commit de0a4480bc)
(cherry picked from commit 60272ef4f7)
(cherry picked from commit a68fdde4be)
(cherry picked from commit ff448cf3a6)
(cherry picked from commit 208498caaa)
(cherry picked from commit 1abd3efad8)
(cherry picked from commit 818c7f4ca9)
(cherry picked from commit 1e552bbe44)
2023-06-12 23:42:37 +02:00
Loïc Dachary
369cdf554c
[CI] implementation: forgejo container images
(cherry picked from commit dd1971d4e6)
(cherry picked from commit 3981dbaf8c)
(cherry picked from commit 8dff3cc2d1)
(cherry picked from commit e7673e5d22)
(cherry picked from commit 326174064b)
(cherry picked from commit eb769dbde4)
(cherry picked from commit 335829ade2)
(cherry picked from commit 5e8e4f549d)

Conflicts:
	Dockerfile
	Dockerfile.rootless
(cherry picked from commit b777fc91d0)
(cherry picked from commit 02cda642ec)
(cherry picked from commit 96ef93f3bc)
(cherry picked from commit aa424551f2)

Conflicts:
	Dockerfile
	Dockerfile.rootless
(cherry picked from commit e54fa86e49)
(cherry picked from commit 043fa6d664)
(cherry picked from commit 805b162480)
(cherry picked from commit 86bf362a3c)
(cherry picked from commit 13e0007959)
2023-06-12 23:42:37 +02:00
Loïc Dachary
c0ce72ba12
[CI] Woodpecker based releases process
(cherry picked from commit c2a7aaeee8)
(cherry picked from commit 6b6007fbce)
(cherry picked from commit 63608a221e)
(cherry picked from commit 5cfe60baa7)
(cherry picked from commit 2af4c73d12)
(cherry picked from commit 1985959bfe)
(cherry picked from commit 880424c77e)
(cherry picked from commit c78a861d1b)
(cherry picked from commit 25c1227011)
(cherry picked from commit 7195e894ee)
(cherry picked from commit cf15153873)
(cherry picked from commit 9bee773c95)
(cherry picked from commit 581c3060da)
(cherry picked from commit bf550f9b2c)
(cherry picked from commit b570eca0b9)

[CI] implementation: Woodpecker based CI (squash)

Upgrade xgo to Go v1.20 for building binaries

(cherry picked from commit 6308c776b6)

[CI] v1.20: switch PR check from Woodpecker CI to Forgejo Actions

The PR checks for v1.19 still rely on Woodpecker CI. Keeping
.woodpecker in v1.20 while both Woodpecker CI & Forgejo Actions are
enabled would duplicate the checks.

The release process in releases remains Woodpecker CI.

(cherry picked from commit 93e42f3f53)
(cherry picked from commit 599c5162ad)
2023-06-12 23:42:37 +02:00
Loïc Dachary
318c26ec92
[CI] implementation: publish forgejo- binaries instead of gitea-
(cherry picked from commit 6d910daafb)
(cherry picked from commit d447861cc9)
(cherry picked from commit dc6e9d8799)
(cherry picked from commit ef232fa20c)
(cherry picked from commit 290c55517a)
(cherry picked from commit db48af1784)
(cherry picked from commit 85f33237a2)
(cherry picked from commit 76899ee33e)
(cherry picked from commit 148b3ee9cb)
(cherry picked from commit 1f6ad8f465)
(cherry picked from commit c330afdba3)
(cherry picked from commit b1f87075a7)
(cherry picked from commit 7da40992cc)
(cherry picked from commit 7ab19ff5e5)
(cherry picked from commit e61e44921b)
(cherry picked from commit 83646119fb)
(cherry picked from commit 20cf748e61)
2023-06-12 23:42:37 +02:00
Giteabot
3e9fc36729
Remove hacky patch for "safari emoji glitch fix" (#25208) (#25211)
Backport #25208 by @wxiaoguang

According to my test, the UI (emoji) is fine in Safari

And actually the code is just dead code, because the "resize" event is
never fired on page loading. So for most cases users just view the pages
without this hacky patch, nobody ever complains.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-12 18:16:04 +02:00
Giteabot
8e798ebbdf
Fix fullscreen for action (#25200) (#25207)
Backport #25200 by @HesterG

An error occurs when clicking on `show full screen` on action page.

<img width="1440" alt="Screen Shot 2023-06-12 at 13 06 52"
src="https://github.com/go-gitea/gitea/assets/17645053/1d4ded3c-fb77-4dd8-9201-24d0696f96eb">


The class name has changed in #25134, so the selector is not working.
Enhance the selectors to fix this.

Co-authored-by: HesterG <hestergong@gmail.com>
2023-06-12 15:41:13 +00:00
Giteabot
0ad5ae0dbf
Improve some documents: release version, logging, NFS lock (#25202) (#25204)
Backport #25202 by @wxiaoguang

Close #23654

Close #24684


@techknowlogick I still think we need to rename
https://dl.gitea.com/gitea/1.20/ to
https://dl.gitea.com/gitea/1.20-nightly/

`/gitea/1.20/` is quite confusing, it needs these words to explain why.
If we call it `1.20-nightly`, the FAQ can be simplified a lot.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-12 23:17:43 +08:00
Giteabot
0cf467e9e0
Minor arc-green color tweaks (#25175) (#25205)
Backport #25175 by @silverwind

Some minor color tweaks

<img width="1271" alt="Screenshot 2023-06-09 at 13 29 25"
src="https://github.com/go-gitea/gitea/assets/115237/b7b34995-5d34-461f-8d19-4f5755a98109">
<img width="1272" alt="Screenshot 2023-06-09 at 13 31 20"
src="https://github.com/go-gitea/gitea/assets/115237/63c866b4-797e-46ed-ba28-b1162ccd3e15">
<img width="1276" alt="Screenshot 2023-06-09 at 13 32 21"
src="https://github.com/go-gitea/gitea/assets/115237/de7ee02e-d0c7-4979-a8aa-0fd03e8db491">

Co-authored-by: silverwind <me@silverwind.io>
2023-06-12 13:56:59 +02:00
Giteabot
5ff0f7d0ca
Add WithPullRequest for actionsNotifier (#25144) (#25197)
Backport #25144 by @Zettat123

Fix #25093

If
[`WithPullRequest`](679b1f7949/services/actions/notifier_helper.go (L90-L96))
is not called, the `Ref` in
[`notifyInput`](679b1f7949/services/actions/notifier_helper.go (L55-L65))
will be empty, so the workflows in the head branch will not be found and
triggered.
2023-06-12 17:08:09 +08:00
silverwind
224ee0d4e5
Fix strange UI behavior of cancelling dismiss review modal (#25172)
Backport clean cherry-picks of
https://github.com/go-gitea/gitea/pull/25133 and
https://github.com/go-gitea/gitea/pull/25162 to 1.20.
2023-06-11 02:54:30 +00:00
silverwind
ee26d1c578
Button and color enhancements (#24989) (#25176)
Backport #24989. Clean cherry-pick aside from one small conflict with
divider.

- Various corrections to button styles, especially secondary
- Remove focus highlight, it's annoying when it stays on button after
press
- Clearly define ghost and link buttons with demos in devtest
- Remove black, grey and tertiary buttons, they should not be used
- Make `arc-green` slightly darker

<img width="1226" alt="image"

src="https://github.com/go-gitea/gitea/assets/115237/8d89786a-01ab-40f8-ae5a-e17f40e35084">
<img width="1249" alt="image"

src="https://github.com/go-gitea/gitea/assets/115237/83651e6d-3c27-46ff-b8bd-ff344d70e949">
2023-06-11 02:13:08 +00:00
Giteabot
18093d4c9a
Fix mobile navbar and misc cleanups (#25134) (#25169)
Backport #25134 by @silverwind

- Fix and improve mobile navbar layout
- Apply all cleanups suggested in
https://github.com/go-gitea/gitea/pull/25111
- Make media query breakpoints match Fomantic's exactly
- Clean up whitespace in class on navbar items

Mobile navbar before and after:
<img width="745" alt="Screenshot 2023-06-08 at 08 40 56"
src="https://github.com/go-gitea/gitea/assets/115237/ca84b239-b10f-41db-8c06-dcf2b6dd9d28">
<img width="739" alt="Screenshot 2023-06-08 at 08 41 23"
src="https://github.com/go-gitea/gitea/assets/115237/09133c54-eb7e-4110-858c-ead23c3b7521">
2023-06-11 09:50:39 +08:00
Giteabot
de1d14590d
Fix bug for code search if code is disabled (#25173) (#25181)
Backport #25173 by @lunny

Fix https://github.com/go-gitea/gitea/pull/24189/files#r1224144768

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-06-09 19:32:55 +00:00
Giteabot
0058453fd9
Modify OAuth login ui and fix display name, iconurl related logic (#25030) (#25161)
Backport #25030 by @HesterG

Close #24808 

Co-Author @wxiaoguang @silverwind

1. Most svgs are found from https://worldvectorlogo.com/ , and some are
from conversion of png to svg. (facebook and nextcloud). And also
changed `templates/user/settings/security/accountlinks.tmpl`.

2. Fixed display name and iconurl related logic

# After

<img width="1436" alt="Screen Shot 2023-06-05 at 14 09 05"
src="https://github.com/go-gitea/gitea/assets/17645053/a5db39d8-1ab0-4676-82a4-fba60a1d1f84">

On mobile

<img width="378" alt="Screen Shot 2023-06-05 at 14 09 46"
src="https://github.com/go-gitea/gitea/assets/17645053/71d0f51b-baac-4f48-8ca2-ae0e013bd62e">


user/settings/security/accountlinks (The dropdown might be improved
later)

<img width="973" alt="Screen Shot 2023-06-01 at 10 01 44"
src="https://github.com/go-gitea/gitea/assets/17645053/27010e7e-2785-4fc5-8c49-b06621898f37">

Co-authored-by: HesterG <hestergong@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-09 10:59:18 +00:00
Giteabot
7679f4d51a
Fix open redirect check for more cases (#25143) (#25154)
Backport #25143 by @lafriks

If the redirect_to parameter is set to a value starting with `\\example.com`,
a redirect will be created with the header `Location: /\\example.com`, which
will redirect to the example.com domain.

Co-authored-by: Lauris BH <lauris@nix.lv>
2023-06-08 18:03:42 +02:00
Giteabot
82a8c26bbf
Update js dependencies (#25137) (#25151)
Backport #25137 by @silverwind

- Update all JS dependencies
- Tweak eslint for more generic globs
- Tested mermaid, pdf, monaco

Co-authored-by: silverwind <me@silverwind.io>
2023-06-08 12:05:13 +00:00
Giteabot
cb113991a3
Remove incorrect element ID on "post-install" page (#25104) (#25129)
Backport #25104 by @wxiaoguang

That ID is a "copy&paste" error, it conflicts with the
`initRepoMigrationStatusChecker` logic, which is the right function for
a real `#repo_migrating` element. That wrong ID causes incorrect page
navigation after installation.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-08 11:22:32 +00:00
Giteabot
0bf07a7f61
Improve notification icon and navbar (#25111) (#25124)
Backport #25111 by @silverwind

Improvements to the notification icon and `<nav>`:

- Add an opaque color for header hover and use it, allowing the border to
be the right color on hover (sadly, not otherwise possible with CSS, not
even `color-mix`).
- Increase font size by 1px
- Use flexbox for slightly better text centering
- Reduce padding of user and add repo button, add margin on right side
of user menu
- Remove the `following bar` wrapper on navbar

<img width="176" alt="Screenshot 2023-06-07 at 00 07 08"
src="https://github.com/go-gitea/gitea/assets/115237/23cdc3d6-7f63-49df-bec3-f2e75e32a304">
<img width="63" alt="Screenshot 2023-06-07 at 00 07 14"
src="https://github.com/go-gitea/gitea/assets/115237/fae602c2-4467-4d50-b1ec-56317843f9a2">
<img width="84" alt="Screenshot 2023-06-07 at 00 07 36"
src="https://github.com/go-gitea/gitea/assets/115237/c48141b8-0b3c-48cc-846a-3a272524dbdb">
<img width="329" alt="Screenshot 2023-06-07 at 00 25 10"
src="https://github.com/go-gitea/gitea/assets/115237/cda612f1-426e-466b-a351-fc992bfd18fd">
<img width="186" alt="Screenshot 2023-06-07 at 00 35 45"
src="https://github.com/go-gitea/gitea/assets/115237/04484a2e-9bbf-493c-aa26-8e936da008fa">
<img width="797" alt="Screenshot 2023-06-07 at 16 57 40"
src="https://github.com/go-gitea/gitea/assets/115237/e7ccb672-5807-4cb6-b306-b18ae0c7e321">

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-06-08 10:19:13 +00:00
Giteabot
adb5b9c061
Fix incorrect git ignore rule and add missing license files (#25135) (#25138)
Backport #25135 by @yp05327

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-08 09:41:08 +00:00
HesterG
f0c967560a
Change branch name from master to main in some documents' links (#25126) (#25140)
Backport #25126 to 1.20

As title. And needs to backport to 1.19
2023-06-08 09:40:05 +00:00
Giteabot
1cc63ade82
Fix MilestoneIDs when querying issues (#25125) (#25141)
Backport #25125 by @Zettat123

Fix #25114

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-06-08 11:03:53 +02:00
Denys Konovalov
eac1bddb8d
fix swagger documentation for multiple files API endpoint (#25110)
Fixes some issues with the swagger documentation for the new multiple
files API endpoint (#24887) which were overlooked when submitting the
original PR:

1. add some missing parameter descriptions
2. set correct `required` option for required parameters
3. change endpoint description to match its full functionality (every
kind of file modification is supported, not just creating and updating)
2023-06-07 23:49:58 +08:00
wxiaoguang
027014d7de
Fix webauthn regression and improve code (#25113)
Follow:

* #22697

There are some bugs in #22697:

* https://github.com/go-gitea/gitea/pull/22697#issuecomment-1577957966
* the webauthn failure message is never shown and causes console error
* The `document.getElementById('register-button')` and
`document.getElementById('login-button')` are wrong
    * there is no such element in code
    * it causes JS error when a browser doesn't provide webauthn
    * the end user can't see the real error message

These bugs are fixed in this PR.

Other changes:

* Use simple HTML/CSS layouts, no need to use too many `gt-` patches
* Make the webauthn page have correct "page-content" layout
* The "data-webauthn-error-msg" elements are only used to provide locale
texts, so move them into a single "gt-hidden", then no need to repeat a
lot of "gt-hidden" in code
* The `{{.CsrfTokenHtml}}`  is a no-op because there is no form
* Many `hideElem('#webauthn-error')` calls in code are no-ops because the
`webauthn-error` already has "gt-hidden" by default
* Make the tests for "URLEncodedBase64" really test with concrete cases.


Screenshots:

* Error message when webauthn fails (before, there is no error message):

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/93cf9559-d93b-4f06-9d98-0f7032d9c65b)

</details>

* Error message when webauthn is unavailable 

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/ffc0fcd9-b93b-4418-979c-c89bb627aaf2)

</details>
2023-06-07 19:20:18 +08:00
HesterG
58536093b3
Add details summary for vertical menus in settings to allow toggling (#25098)
Close #25051
[referenced
answer](https://stackoverflow.com/questions/10813581/can-i-replace-the-expand-icon-of-the-details-element/69722686#69722686)
for marker overwrite. One limitation is that fomantic does not have
hover and active effects for the vertical submenu
([reference](https://fomantic-ui.com/collections/menu.html#sub-menu)).
And we might need to overwrite some styles if hover and active effects
are needed.

Update:
Used `data:image/svg` instead of `marker` content. And adjusted styles
for hover effect.

Take admin settings as an example:

https://github.com/go-gitea/gitea/assets/17645053/63f69823-ef43-47d5-a518-544b5ea35ba6

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-06-07 10:49:48 +08:00
Jason Song
379ec13030
Fix 500 error caused by notifications without an issue such as repo transfers (#25101)
2023-06-06 23:17:56 +08:00
zeripath
036fb7861f
Clean up WebAuthn javascript code and remove JQuery code (#22697)
There were several issues with the WebAuthn registration and testing
code and the style
was very old javascript with jquery callbacks.

This PR uses async and fetch to replace the JQuery code.

Ref #22651

Signed-off-by: Andrew Thornton <art27@cantab.net>

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-06 13:29:37 +08:00
silverwind
c09f747b51
Enable all webpack sourcemaps in dev build, disable all in prod build (#25089)
- Enable all source maps in dev build
- Disable all source maps in prod build
- Provide `ENABLE_SOURCEMAP` env var to override it.

I think the strange error seen in
https://github.com/go-gitea/gitea/issues/24784 is sourcemap related, so
if we enable/disable them all, it might go away. But it's most
definitely a Safari bug.

With all sourcemaps disabled, binary size goes down by around 1-2 MB,
with all enabled it goes up by around 12MB. If +12MB is acceptable, we
could also always enable them by default as full source maps do have
some debugging benefits.
2023-06-06 12:57:08 +08:00
Yevhen Pavlov
8d7893e817
Don't display select all issues checkbox when no issues are available (#25086)
Before:

![image](https://github.com/go-gitea/gitea/assets/1969460/8830c077-89d4-4897-a6e0-f5dba6830ff7)

After:

![image](https://github.com/go-gitea/gitea/assets/1969460/8fa06878-496b-4f65-87eb-04e1f94d4a3c)
2023-06-06 08:19:24 +08:00
techknowlogick
7c778d6b5e
change placeholders in actions docs
2023-06-05 11:32:56 -04:00
techknowlogick
d302a5ee65
change placeholders in actions docs
2023-06-05 11:28:51 -04:00
6543
395a6fabf3
fix "Remove stars when repo goes private #19904" (#25084)
https://github.com/go-gitea/gitea/pull/19904#discussion_r1218111682
2023-06-05 15:23:09 +00:00
sillyguodong
1a5f478ae1
Introduce how to configure cache when starting a Runner with Docker (#25077)
If a user starts a runner using a Docker image without making additional
configurations, the [cache action](https://github.com/actions/cache)
will not work properly.
Therefore, add a section in the documentation that explains how to
configure the cache correctly.
2023-06-05 14:12:55 +00:00
Wim
62ac3251fa
Remove stars when repo goes private (#19904)
Fixes #18600
2023-06-05 13:25:43 +00:00
wxiaoguang
8e63373c01
Use correct selector for hiding RSS icon link in the branch selector dropdown (#25080)
Fix  #25079


![image](https://github.com/go-gitea/gitea/assets/2114189/5d3f2f49-018a-4b75-8c90-ffafd898697a)


![image](https://github.com/go-gitea/gitea/assets/2114189/3e9dcf2e-eca7-4e96-be79-3b26f222cdb9)


![image](https://github.com/go-gitea/gitea/assets/2114189/855fffa4-0220-4ca2-a5e0-58c376fdc378)


![image](https://github.com/go-gitea/gitea/assets/2114189/f5ffa7e6-a974-4698-a45d-e38091903be1)
2023-06-05 12:34:25 +00:00
Lunny Xiao
315124b469
Fix parallelly generating index failure with Mysql (#24567)
2023-06-05 10:33:47 +00:00
Lunny Xiao
3d1fda737b
Use git command instead of the ini package to remove the origin remote (#25066)
2023-06-05 18:05:31 +08:00
Lunny Xiao
d851bd9a6b
improve permission documentation (#23942)
2023-06-05 15:43:17 +08:00
Lunny Xiao
11598885b3
Use RepositoryList instead of []*Repository (#25074)
2023-06-05 15:25:47 +08:00
Denys Konovalov
ca35dec18b
Add ability to set multiple redirect URIs in OAuth application UI (#25072)
OAuth applications can already have multiple redirect URIs if
created/edited over API.

This change allows for setting multiple redirect URIs through the UI as
a comma-separated list (e. g.
`https://example.org/redirect,https://redirect.example.org`)

<details>
<summary>Screenshots</summary>

![Bildschirmfoto vom 2023-06-04
17-14-40](https://github.com/go-gitea/gitea/assets/47871822/2206dc32-e7e4-4953-9ecb-e098890b3f54)
![Bildschirmfoto vom 2023-06-04
17-14-50](https://github.com/go-gitea/gitea/assets/47871822/cd97c73c-9310-44ee-a83a-b927a1ef94da)

</details>

Closes #25068
2023-06-05 15:00:12 +08:00
JakobDev
7d192cb674
Add Progressbar to Milestone Page (#25050)
This adds the progress bar, which is already on the Milestone List,
also to the Page of a Single Milestone.


![grafik](https://github.com/go-gitea/gitea/assets/15185051/24e0fa28-369b-4bb9-807a-ee823b46ba81)

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-06-05 14:25:46 +08:00
GiteaBot
d63d8108b4
[skip ci] Updated licenses and gitignores
2023-06-05 00:27:49 +00:00
Jack Hay
18de83b2a3
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
    - `activitypub`
    - `admin` (hidden if user is not a site admin)
    - `misc`
    - `notification`
    - `organization`
    - `package`
    - `issue`
    - `repository`
    - `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
  - `tokenRequiresScopes()` is used for each high-level api section
    - _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
  - `reqToken()` is used for individual routes
    - checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`)
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection

### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">

## tokenRequiresScopes  Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error

## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
   -  _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
   - _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
   - _This should be addressed in this PR_
   - For example: 
   ```go
   m.Group("/users/{username}/orgs", func() {
   	m.Get("", reqToken(), org.ListUserOrgs)
   	m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
   }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context_service.UserAssignmentAPI())
   ```

## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default

Closes #24501
Closes #24799

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 20:57:16 +02:00
wxiaoguang
520eb57d76
Use a separate admin page to show global stats, remove actions stat (#25062)
Before, Gitea shows the database table stats on the `admin dashboard`
page.

It has some problems:

* `count(*)` is quite heavy. If tables have many records, this blocks
loading the admin page for a long time
* Some users had even reported issues that they can't visit their admin
page because this page causes blocking or `50x error (reverse proxy
timeout)`
* The `actions` stat is not useful. The table is simply too large. Does
it really matter if it contains 1,000,000 rows or 9,999,999 rows?
* The translation `admin.dashboard.statistic_info` is difficult to
maintain.

So, this PR uses a separate page to show the stats and removes the
`actions` stat.


![image](https://github.com/go-gitea/gitea/assets/2114189/babf7c61-b93b-4a62-bfaa-22983636427e)

## ⚠️ BREAKING

The `actions` Prometheus metrics collector has been removed for the
reasons mentioned beforehand.
Please do not rely on its output anymore.
2023-06-03 22:03:41 +08:00
Yarden Shoham
4486dd39e7
Remove cancel button from branch protection form (#25063)
It caused bugs. To cancel, just navigate away.

- Follows #21381 and #21872
- Resolves #25038 

## Before

![image](https://github.com/go-gitea/gitea/assets/20454870/068c8d96-fc50-4725-8af2-d953e9f39024)

## After

![image](https://github.com/go-gitea/gitea/assets/20454870/105d5c50-e490-456a-a253-269b174c09ab)

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2023-06-03 20:06:09 +08:00
Denys Konovalov
7d855efb1f
Allow for PKCE flow without client secret + add docs (#25033)
The PKCE flow according to [RFC
7636](https://datatracker.ietf.org/doc/html/rfc7636) allows for secure
authorization without the requirement to provide a client secret for the
OAuth app.

It is implemented in Gitea since #5378 (v1.8.0), however without being
able to omit client secret.
Since #21316 Gitea supports setting client type at OAuth app
registration.

As public clients are already forced to use PKCE since #21316, in this
PR the client secret check is being skipped if a public client is
detected. As Gitea seems to implement PKCE authorization correctly
according to the spec, this would allow for PKCE flow without providing
a client secret.

Also add some docs for it, please check language as I'm not a native
English speaker.

Closes #17107
Closes #25047
2023-06-03 05:59:28 +02:00
kodermho
7fca4056c4
Fix link to customizing-gitea (#25056)
The link to customizing-gitea in the label documentation is broken. This
PR should adjust the relative path to fix the link
2023-06-03 04:27:40 +02:00
6543
af3deb0b30
GitLab migration: Sanitize response for reaction list (#25054)
2023-06-02 20:35:50 +00:00
Tyrone Yeh
b6d8d695da
Add up and down arrows to selected lookup repositories (#24727)
Use up and down arrow keys to select repositories


![image](https://github.com/go-gitea/gitea/assets/1255041/3f3bce64-86d9-4b37-994b-3d129ebf48d9)

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-06-02 18:39:07 +00:00